stop futzing around and start sandboxing

sandboxing/README.md

@@ -0,0 +1,39 @@
+This directory includes some working notes to audit the entire Teliva codebase
+for side-effects that should be gated/sandboxed.
+
+Founding principle for this approach: Side-effects come from the OS. There can
+be no effects visible outside a Unix process (regardless of language) if it
+doesn't invoke any OS syscalls.
+
+## Top down
+
+Things to secure:
+* files opened (for read/write) on file system
+* what gets written to files on file system
+* destinations opened (for read/write) on network
+  * `inet_tryconnect` // `socket_connect`
+  * `inet_tryaccept` // `socket_accept`
+* what gets written to network
+  * `socket_send`, `socket_sendto`
+  * `socket_recv`, `socket_recvfrom`
+
+## Bottom up
+
+* `includes`: all `#include`s throughout the codebase. I assume that C the
+  language itself can't have any side effects that impact other programs on
+  the computer.
+  ```
+  cd src
+  grep '#include' * */* > ../sandboxing/includes
+  ```
+* `system_includes`: all `#include <...>`s throughout the codebase. I assume
+  side-effects require going outside the codebase. `#include`s could smuggle
+  out of the codebase using relative paths (`../`) but I assume it's easy to
+  protect against this using code review.
+  ```
+  grep '<' sandboxing/includes > sandboxing/system_includes
+  ```
+* `unique_system_includes`: deduped
+  ```
+  sed 's/.*<\|>.*//g' sandboxing/system_includes |sort |uniq > sandboxing/unique_system_includes
+  ```

sandboxing/includes

@@ -0,0 +1,627 @@
+kilo.c:#include <assert.h>
+kilo.c:#include <ncurses.h>
+kilo.c:#include <stdlib.h>
+kilo.c:#include <stdio.h>
+kilo.c:#include <stdint.h>
+kilo.c:#include <errno.h>
+kilo.c:#include <string.h>
+kilo.c:#include <ctype.h>
+kilo.c:#include <time.h>
+kilo.c:#include <sys/types.h>
+kilo.c:#include <sys/time.h>
+kilo.c:#include <unistd.h>
+kilo.c:#include <fcntl.h>
+kilo.c:#include "lua.h"
+kilo.c:#include "teliva.h"
+lapi.c:#include <assert.h>
+lapi.c:#include <math.h>
+lapi.c:#include <stdarg.h>
+lapi.c:#include <string.h>
+lapi.c:#include "lua.h"
+lapi.c:#include "lapi.h"
+lapi.c:#include "ldebug.h"
+lapi.c:#include "ldo.h"
+lapi.c:#include "lfunc.h"
+lapi.c:#include "lgc.h"
+lapi.c:#include "lmem.h"
+lapi.c:#include "lobject.h"
+lapi.c:#include "lstate.h"
+lapi.c:#include "lstring.h"
+lapi.c:#include "ltable.h"
+lapi.c:#include "ltm.h"
+lapi.c:#include "lundump.h"
+lapi.c:#include "lvm.h"
+lapi.h:#include "lobject.h"
+lauxlib.c:#include <ctype.h>
+lauxlib.c:#include <errno.h>
+lauxlib.c:#include <stdarg.h>
+lauxlib.c:#include <stdio.h>
+lauxlib.c:#include <stdlib.h>
+lauxlib.c:#include <string.h>
+lauxlib.c:#include "lua.h"
+lauxlib.c:#include "lauxlib.h"
+lauxlib.h:#include <stddef.h>
+lauxlib.h:#include <stdio.h>
+lauxlib.h:#include "lua.h"
+lbaselib.c:#include <ctype.h>
+lbaselib.c:#include <ncurses.h>
+lbaselib.c:#include <stdio.h>
+lbaselib.c:#include <stdlib.h>
+lbaselib.c:#include <string.h>
+lbaselib.c:#include "lua.h"
+lbaselib.c:#include "lauxlib.h"
+lbaselib.c:#include "lualib.h"
+lcode.c:#include <stdlib.h>
+lcode.c:#include "lua.h"
+lcode.c:#include "lcode.h"
+lcode.c:#include "ldebug.h"
+lcode.c:#include "ldo.h"
+lcode.c:#include "lgc.h"
+lcode.c:#include "llex.h"
+lcode.c:#include "lmem.h"
+lcode.c:#include "lobject.h"
+lcode.c:#include "lopcodes.h"
+lcode.c:#include "lparser.h"
+lcode.c:#include "ltable.h"
+lcode.h:#include "llex.h"
+lcode.h:#include "lobject.h"
+lcode.h:#include "lopcodes.h"
+lcode.h:#include "lparser.h"
+ldblib.c:#include <stdio.h>
+ldblib.c:#include <stdlib.h>
+ldblib.c:#include <string.h>
+ldblib.c:#include "lua.h"
+ldblib.c:#include "lauxlib.h"
+ldblib.c:#include "lualib.h"
+ldebug.c:#include <stdarg.h>
+ldebug.c:#include <stddef.h>
+ldebug.c:#include <string.h>
+ldebug.c:#include "lua.h"
+ldebug.c:#include "lapi.h"
+ldebug.c:#include "lcode.h"
+ldebug.c:#include "ldebug.h"
+ldebug.c:#include "ldo.h"
+ldebug.c:#include "lfunc.h"
+ldebug.c:#include "lobject.h"
+ldebug.c:#include "lopcodes.h"
+ldebug.c:#include "lstate.h"
+ldebug.c:#include "lstring.h"
+ldebug.c:#include "ltable.h"
+ldebug.c:#include "ltm.h"
+ldebug.c:#include "lvm.h"
+ldebug.h:#include "lstate.h"
+ldo.c:#include <setjmp.h>
+ldo.c:#include <stdio.h>
+ldo.c:#include <stdlib.h>
+ldo.c:#include <string.h>
+ldo.c:#include "lua.h"
+ldo.c:#include "ldebug.h"
+ldo.c:#include "ldo.h"
+ldo.c:#include "lfunc.h"
+ldo.c:#include "lgc.h"
+ldo.c:#include "lmem.h"
+ldo.c:#include "lobject.h"
+ldo.c:#include "lopcodes.h"
+ldo.c:#include "lparser.h"
+ldo.c:#include "lstate.h"
+ldo.c:#include "lstring.h"
+ldo.c:#include "ltable.h"
+ldo.c:#include "ltm.h"
+ldo.c:#include "lundump.h"
+ldo.c:#include "lvm.h"
+ldo.c:#include "lzio.h"
+ldo.h:#include "lobject.h"
+ldo.h:#include "lstate.h"
+ldo.h:#include "lzio.h"
+ldump.c:#include <stddef.h>
+ldump.c:#include "lua.h"
+ldump.c:#include "lobject.h"
+ldump.c:#include "lstate.h"
+ldump.c:#include "lundump.h"
+lfunc.c:#include <stddef.h>
+lfunc.c:#include "lua.h"
+lfunc.c:#include "lfunc.h"
+lfunc.c:#include "lgc.h"
+lfunc.c:#include "lmem.h"
+lfunc.c:#include "lobject.h"
+lfunc.c:#include "lstate.h"
+lfunc.h:#include "lobject.h"
+lgc.c:#include <string.h>
+lgc.c:#include "lua.h"
+lgc.c:#include "ldebug.h"
+lgc.c:#include "ldo.h"
+lgc.c:#include "lfunc.h"
+lgc.c:#include "lgc.h"
+lgc.c:#include "lmem.h"
+lgc.c:#include "lobject.h"
+lgc.c:#include "lstate.h"
+lgc.c:#include "lstring.h"
+lgc.c:#include "ltable.h"
+lgc.c:#include "ltm.h"
+lgc.h:#include "lobject.h"
+linit.c:#include "lua.h"
+linit.c:#include "lualib.h"
+linit.c:#include "lauxlib.h"
+liolib.c:#include <errno.h>
+liolib.c:#include <stdio.h>
+liolib.c:#include <stdlib.h>
+liolib.c:#include <string.h>
+liolib.c:#include "lua.h"
+liolib.c:#include "lauxlib.h"
+liolib.c:#include "lualib.h"
+llex.c:#include <ctype.h>
+llex.c:#include <locale.h>
+llex.c:#include <string.h>
+llex.c:#include "lua.h"
+llex.c:#include "ldo.h"
+llex.c:#include "llex.h"
+llex.c:#include "lobject.h"
+llex.c:#include "lparser.h"
+llex.c:#include "lstate.h"
+llex.c:#include "lstring.h"
+llex.c:#include "ltable.h"
+llex.c:#include "lzio.h"
+llex.h:#include "lobject.h"
+llex.h:#include "lzio.h"
+llimits.h:#include <limits.h>
+llimits.h:#include <stddef.h>
+llimits.h:#include "lua.h"
+lmathlib.c:#include <stdlib.h>
+lmathlib.c:#include <math.h>
+lmathlib.c:#include "lua.h"
+lmathlib.c:#include "lauxlib.h"
+lmathlib.c:#include "lualib.h"
+lmem.c:#include <stddef.h>
+lmem.c:#include "lua.h"
+lmem.c:#include "ldebug.h"
+lmem.c:#include "ldo.h"
+lmem.c:#include "lmem.h"
+lmem.c:#include "lobject.h"
+lmem.c:#include "lstate.h"
+lmem.h:#include <stddef.h>
+lmem.h:#include "llimits.h"
+lmem.h:#include "lua.h"
+loadlib.c:#include <stdlib.h>
+loadlib.c:#include <string.h>
+loadlib.c:#include "lua.h"
+loadlib.c:#include "lauxlib.h"
+loadlib.c:#include "lualib.h"
+loadlib.c:#include <dlfcn.h>
+loadlib.c:#include <windows.h>
+loadlib.c:#include <mach-o/dyld.h>
+lobject.c:#include <ctype.h>
+lobject.c:#include <stdarg.h>
+lobject.c:#include <stdio.h>
+lobject.c:#include <stdlib.h>
+lobject.c:#include <string.h>
+lobject.c:#include "lua.h"
+lobject.c:#include "ldo.h"
+lobject.c:#include "lmem.h"
+lobject.c:#include "lobject.h"
+lobject.c:#include "lstate.h"
+lobject.c:#include "lstring.h"
+lobject.c:#include "lvm.h"
+lobject.h:#include <stdarg.h>
+lobject.h:#include "llimits.h"
+lobject.h:#include "lua.h"
+lopcodes.c:#include "lopcodes.h"
+lopcodes.h:#include "llimits.h"
+loslib.c:#include <errno.h>
+loslib.c:#include <locale.h>
+loslib.c:#include <stdlib.h>
+loslib.c:#include <string.h>
+loslib.c:#include <time.h>
+loslib.c:#include "lua.h"
+loslib.c:#include "lauxlib.h"
+loslib.c:#include "lualib.h"
+lparser.c:#include <string.h>
+lparser.c:#include "lua.h"
+lparser.c:#include "lcode.h"
+lparser.c:#include "ldebug.h"
+lparser.c:#include "ldo.h"
+lparser.c:#include "lfunc.h"
+lparser.c:#include "llex.h"
+lparser.c:#include "lmem.h"
+lparser.c:#include "lobject.h"
+lparser.c:#include "lopcodes.h"
+lparser.c:#include "lparser.h"
+lparser.c:#include "lstate.h"
+lparser.c:#include "lstring.h"
+lparser.c:#include "ltable.h"
+lparser.h:#include "llimits.h"
+lparser.h:#include "lobject.h"
+lparser.h:#include "lzio.h"
+lstate.c:#include <stddef.h>
+lstate.c:#include "lua.h"
+lstate.c:#include "ldebug.h"
+lstate.c:#include "ldo.h"
+lstate.c:#include "lfunc.h"
+lstate.c:#include "lgc.h"
+lstate.c:#include "llex.h"
+lstate.c:#include "lmem.h"
+lstate.c:#include "lstate.h"
+lstate.c:#include "lstring.h"
+lstate.c:#include "ltable.h"
+lstate.c:#include "ltm.h"
+lstate.h:#include "lua.h"
+lstate.h:#include "lobject.h"
+lstate.h:#include "ltm.h"
+lstate.h:#include "lzio.h"
+lstring.c:#include <string.h>
+lstring.c:#include "lua.h"
+lstring.c:#include "lmem.h"
+lstring.c:#include "lobject.h"
+lstring.c:#include "lstate.h"
+lstring.c:#include "lstring.h"
+lstring.h:#include "lgc.h"
+lstring.h:#include "lobject.h"
+lstring.h:#include "lstate.h"
+lstrlib.c:#include <ctype.h>
+lstrlib.c:#include <stddef.h>
+lstrlib.c:#include <stdio.h>
+lstrlib.c:#include <stdlib.h>
+lstrlib.c:#include <string.h>
+lstrlib.c:#include "lua.h"
+lstrlib.c:#include "lauxlib.h"
+lstrlib.c:#include "lualib.h"
+ltable.c:#include <math.h>
+ltable.c:#include <string.h>
+ltable.c:#include "lua.h"
+ltable.c:#include "ldebug.h"
+ltable.c:#include "ldo.h"
+ltable.c:#include "lgc.h"
+ltable.c:#include "lmem.h"
+ltable.c:#include "lobject.h"
+ltable.c:#include "lstate.h"
+ltable.c:#include "ltable.h"
+ltable.h:#include "lobject.h"
+ltablib.c:#include <stddef.h>
+ltablib.c:#include "lua.h"
+ltablib.c:#include "lauxlib.h"
+ltablib.c:#include "lualib.h"
+ltm.c:#include <string.h>
+ltm.c:#include "lua.h"
+ltm.c:#include "lobject.h"
+ltm.c:#include "lstate.h"
+ltm.c:#include "lstring.h"
+ltm.c:#include "ltable.h"
+ltm.c:#include "ltm.h"
+ltm.h:#include "lobject.h"
+lua.c:#include <assert.h>
+lua.c:#include <ctype.h>
+lua.c:#include <fcntl.h>
+lua.c:#include <locale.h>
+lua.c:#include <ncurses.h>
+lua.c:#include <signal.h>
+lua.c:#include <stdio.h>
+lua.c:#include <stdlib.h>
+lua.c:#include <string.h>
+lua.c:#include <time.h>
+lua.c:#include <unistd.h>
+lua.c:#include "lua.h"
+lua.c:#include "teliva.h"
+lua.c:#include "lauxlib.h"
+lua.c:#include "lualib.h"
+lua.h:#include <stdarg.h>
+lua.h:#include <stddef.h>
+lua.h:#include "luaconf.h"
+lua.h:#include LUA_USER_H
+luaconf.h:#include <limits.h>
+luaconf.h:#include <stddef.h>
+luaconf.h:#include <assert.h>
+luaconf.h:#include <math.h>
+luaconf.h:#include <unistd.h>
+luaconf.h:#include <stdio.h>
+lualib.h:#include "lua.h"
+lundump.c:#include <string.h>
+lundump.c:#include "lua.h"
+lundump.c:#include "ldebug.h"
+lundump.c:#include "ldo.h"
+lundump.c:#include "lfunc.h"
+lundump.c:#include "lmem.h"
+lundump.c:#include "lobject.h"
+lundump.c:#include "lstring.h"
+lundump.c:#include "lundump.h"
+lundump.c:#include "lzio.h"
+lundump.h:#include "lobject.h"
+lundump.h:#include "lzio.h"
+lvm.c:#include <stdio.h>
+lvm.c:#include <stdlib.h>
+lvm.c:#include <string.h>
+lvm.c:#include "lua.h"
+lvm.c:#include "ldebug.h"
+lvm.c:#include "ldo.h"
+lvm.c:#include "lfunc.h"
+lvm.c:#include "lgc.h"
+lvm.c:#include "lobject.h"
+lvm.c:#include "lopcodes.h"
+lvm.c:#include "lstate.h"
+lvm.c:#include "lstring.h"
+lvm.c:#include "ltable.h"
+lvm.c:#include "ltm.h"
+lvm.c:#include "lvm.h"
+lvm.h:#include "ldo.h"
+lvm.h:#include "lobject.h"
+lvm.h:#include "ltm.h"
+lzio.c:#include <string.h>
+lzio.c:#include "lua.h"
+lzio.c:#include "llimits.h"
+lzio.c:#include "lmem.h"
+lzio.c:#include "lstate.h"
+lzio.c:#include "lzio.h"
+lzio.h:#include "lua.h"
+lzio.h:#include "lmem.h"
+menu.c:#include <ncurses.h>
+menu.c:#include <string.h>
+menu.c:#include "lua.h"
+menu.c:#include "lauxlib.h"
+menu.c:#include "teliva.h"
+tlv.c:#include <assert.h>
+tlv.c:#include <ncurses.h>
+tlv.c:#include <stdio.h>
+tlv.c:#include <stdlib.h>
+tlv.c:#include <string.h>
+tlv.c:#include <strings.h>
+tlv.c:#include "lua.h"
+tlv.c:#include "lauxlib.h"
+lcurses/_helpers.c:#include <errno.h>
+lcurses/_helpers.c:#include <grp.h>
+lcurses/_helpers.c:#include <pwd.h>
+lcurses/_helpers.c:#include <stdlib.h>
+lcurses/_helpers.c:#include <string.h>
+lcurses/_helpers.c:#include <sys/stat.h>
+lcurses/_helpers.c:#include <unistd.h>
+lcurses/_helpers.c:#include <ncurses.h>
+lcurses/_helpers.c:#include <term.h>
+lcurses/_helpers.c:#include "../lua.h"
+lcurses/_helpers.c:#include "../lualib.h"
+lcurses/_helpers.c:#include "../lauxlib.h"
+lcurses/chstr.c:#include "_helpers.c"
+lcurses/compat-5.2.c:#include <errno.h>
+lcurses/compat-5.2.c:#include <string.h>
+lcurses/compat-5.2.c:#include "../lua.h"
+lcurses/compat-5.2.c:#include "../lauxlib.h"
+lcurses/compat-5.2.c:#include "compat-5.2.h"
+lcurses/compat-5.2.c:#include <limits.h>
+lcurses/compat-5.2.c:#include <math.h>
+lcurses/compat-5.2.h:#include <stddef.h>
+lcurses/compat-5.2.h:#include <string.h>
+lcurses/compat-5.2.h:#include <stdio.h>
+lcurses/compat-5.2.h:#include "../lua.h"
+lcurses/compat-5.2.h:#include "../lauxlib.h"
+lcurses/compat-5.2.h:#include "../lualib.h"
+lcurses/compat-5.2.h:#include <limits.h>
+lcurses/curses.c:#include "_helpers.c"
+lcurses/curses.c:#include "strlcpy.c"
+lcurses/curses.c:#include "chstr.c"
+lcurses/curses.c:#include "window.c"
+lcurses/strlcpy.c:#include <sys/types.h>
+lcurses/strlcpy.c:#include <string.h>
+lcurses/window.c:#include "../teliva.h"
+lcurses/window.c:#include "_helpers.c"
+lcurses/window.c:#include "chstr.c"
+luasec/compat.h:#include <openssl/ssl.h>
+luasec/config.c:#include "compat.h"
+luasec/config.c:#include "options.h"
+luasec/config.c:#include "ec.h"
+luasec/context.c:#include <string.h>
+luasec/context.c:#include <windows.h>
+luasec/context.c:#include <openssl/ssl.h>
+luasec/context.c:#include <openssl/err.h>
+luasec/context.c:#include <openssl/x509.h>
+luasec/context.c:#include <openssl/x509v3.h>
+luasec/context.c:#include <openssl/dh.h>
+luasec/context.c:#include "../lua.h"
+luasec/context.c:#include "../lauxlib.h"
+luasec/context.c:#include "compat.h"
+luasec/context.c:#include "context.h"
+luasec/context.c:#include "options.h"
+luasec/context.c:#include <openssl/ec.h>
+luasec/context.c:#include "ec.h"
+luasec/context.h:#include "../lua.h"
+luasec/context.h:#include <openssl/ssl.h>
+luasec/context.h:#include "compat.h"
+luasec/ec.c:#include <openssl/objects.h>
+luasec/ec.c:#include "ec.h"
+luasec/ec.h:#include "../lua.h"
+luasec/ec.h:#include <openssl/ec.h>
+luasec/options.c:#include <openssl/ssl.h>
+luasec/options.c:#include "options.h"
+luasec/options.h:#include "compat.h"
+luasec/options.lua:#include <openssl/ssl.h>
+luasec/options.lua:#include "options.h"
+luasec/ssl.c:#include <errno.h>
+luasec/ssl.c:#include <string.h>
+luasec/ssl.c:#include <winsock2.h>
+luasec/ssl.c:#include <openssl/ssl.h>
+luasec/ssl.c:#include <openssl/x509v3.h>
+luasec/ssl.c:#include <openssl/x509_vfy.h>
+luasec/ssl.c:#include <openssl/err.h>
+luasec/ssl.c:#include <openssl/dh.h>
+luasec/ssl.c:#include "../lua.h"
+luasec/ssl.c:#include "../lauxlib.h"
+luasec/ssl.c:#include "../luasocket/io.h"
+luasec/ssl.c:#include "../luasocket/buffer.h"
+luasec/ssl.c:#include "../luasocket/timeout.h"
+luasec/ssl.c:#include "../luasocket/socket.h"
+luasec/ssl.c:#include "x509.h"
+luasec/ssl.c:#include "context.h"
+luasec/ssl.c:#include "ssl.h"
+luasec/ssl.h:#include <openssl/ssl.h>
+luasec/ssl.h:#include "../lua.h"
+luasec/ssl.h:#include "../luasocket/io.h"
+luasec/ssl.h:#include "../luasocket/buffer.h"
+luasec/ssl.h:#include "../luasocket/timeout.h"
+luasec/ssl.h:#include "../luasocket/socket.h"
+luasec/ssl.h:#include "compat.h"
+luasec/ssl.h:#include "context.h"
+luasec/x509.c:#include <stdio.h>
+luasec/x509.c:#include <string.h>
+luasec/x509.c:#include <ws2tcpip.h>
+luasec/x509.c:#include <windows.h>
+luasec/x509.c:#include <sys/types.h>
+luasec/x509.c:#include <sys/socket.h>
+luasec/x509.c:#include <netinet/in.h>
+luasec/x509.c:#include <arpa/inet.h>
+luasec/x509.c:#include <openssl/ssl.h>
+luasec/x509.c:#include <openssl/x509v3.h>
+luasec/x509.c:#include <openssl/evp.h>
+luasec/x509.c:#include <openssl/err.h>
+luasec/x509.c:#include <openssl/asn1.h>
+luasec/x509.c:#include <openssl/bio.h>
+luasec/x509.c:#include <openssl/bn.h>
+luasec/x509.c:#include "../lua.h"
+luasec/x509.c:#include "../lauxlib.h"
+luasec/x509.c:#include "x509.h"
+luasec/x509.h:#include <openssl/x509v3.h>
+luasec/x509.h:#include "../lua.h"
+luasec/x509.h:#include "compat.h"
+luasocket/auxiliar.c:#include "luasocket.h"
+luasocket/auxiliar.c:#include "auxiliar.h"
+luasocket/auxiliar.c:#include <string.h>
+luasocket/auxiliar.c:#include <stdio.h>
+luasocket/auxiliar.h:#include "luasocket.h"
+luasocket/buffer.c:#include "luasocket.h"
+luasocket/buffer.c:#include "buffer.h"
+luasocket/buffer.h:#include "luasocket.h"
+luasocket/buffer.h:#include "io.h"
+luasocket/buffer.h:#include "timeout.h"
+luasocket/compat.c:#include "luasocket.h"
+luasocket/compat.c:#include "compat.h"
+luasocket/except.c:#include "luasocket.h"
+luasocket/except.c:#include "except.h"
+luasocket/except.c:#include <stdio.h>
+luasocket/except.h:#include "luasocket.h"
+luasocket/inet.c:#include "luasocket.h"
+luasocket/inet.c:#include "inet.h"
+luasocket/inet.c:#include <stdio.h>
+luasocket/inet.c:#include <stdlib.h>
+luasocket/inet.c:#include <string.h>
+luasocket/inet.h:#include "luasocket.h"
+luasocket/inet.h:#include "socket.h"
+luasocket/inet.h:#include "timeout.h"
+luasocket/io.c:#include "luasocket.h"
+luasocket/io.c:#include "io.h"
+luasocket/io.h:#include "luasocket.h"
+luasocket/io.h:#include "timeout.h"
+luasocket/luasocket.c:#include "luasocket.h"
+luasocket/luasocket.c:#include "auxiliar.h"
+luasocket/luasocket.c:#include "except.h"
+luasocket/luasocket.c:#include "timeout.h"
+luasocket/luasocket.c:#include "buffer.h"
+luasocket/luasocket.c:#include "inet.h"
+luasocket/luasocket.c:#include "tcp.h"
+luasocket/luasocket.c:#include "udp.h"
+luasocket/luasocket.c:#include "select.h"
+luasocket/luasocket.h:#include "../lua.h"
+luasocket/luasocket.h:#include "../lauxlib.h"
+luasocket/luasocket.h:#include "compat.h"
+luasocket/mime.c:#include "luasocket.h"
+luasocket/mime.c:#include "mime.h"
+luasocket/mime.c:#include <string.h>
+luasocket/mime.c:#include <ctype.h>
+luasocket/mime.h:#include "luasocket.h"
+luasocket/options.c:#include "luasocket.h"
+luasocket/options.c:#include "auxiliar.h"
+luasocket/options.c:#include "options.h"
+luasocket/options.c:#include "inet.h"
+luasocket/options.c:#include <string.h>
+luasocket/options.h:#include "luasocket.h"
+luasocket/options.h:#include "socket.h"
+luasocket/select.c:#include "luasocket.h"
+luasocket/select.c:#include "socket.h"
+luasocket/select.c:#include "timeout.h"
+luasocket/select.c:#include "select.h"
+luasocket/select.c:#include <string.h>
+luasocket/serial.c:#include "luasocket.h"
+luasocket/serial.c:#include "auxiliar.h"
+luasocket/serial.c:#include "socket.h"
+luasocket/serial.c:#include "options.h"
+luasocket/serial.c:#include "unix.h"
+luasocket/serial.c:#include <string.h>
+luasocket/serial.c:#include <sys/un.h>
+luasocket/socket.h:#include "io.h"
+luasocket/socket.h:#include "wsocket.h"
+luasocket/socket.h:#include "usocket.h"
+luasocket/socket.h:#include "timeout.h"
+luasocket/tcp.c:#include "luasocket.h"
+luasocket/tcp.c:#include "auxiliar.h"
+luasocket/tcp.c:#include "socket.h"
+luasocket/tcp.c:#include "inet.h"
+luasocket/tcp.c:#include "options.h"
+luasocket/tcp.c:#include "tcp.h"
+luasocket/tcp.c:#include <string.h>
+luasocket/tcp.h:#include "luasocket.h"
+luasocket/tcp.h:#include "buffer.h"
+luasocket/tcp.h:#include "timeout.h"
+luasocket/tcp.h:#include "socket.h"
+luasocket/timeout.c:#include "luasocket.h"
+luasocket/timeout.c:#include "auxiliar.h"
+luasocket/timeout.c:#include "timeout.h"
+luasocket/timeout.c:#include <stdio.h>
+luasocket/timeout.c:#include <limits.h>
+luasocket/timeout.c:#include <float.h>
+luasocket/timeout.c:#include <windows.h>
+luasocket/timeout.c:#include <time.h>
+luasocket/timeout.c:#include <sys/time.h>
+luasocket/timeout.h:#include "luasocket.h"
+luasocket/udp.c:#include "luasocket.h"
+luasocket/udp.c:#include "auxiliar.h"
+luasocket/udp.c:#include "socket.h"
+luasocket/udp.c:#include "inet.h"
+luasocket/udp.c:#include "options.h"
+luasocket/udp.c:#include "udp.h"
+luasocket/udp.c:#include <string.h>
+luasocket/udp.c:#include <stdlib.h>
+luasocket/udp.h:#include "luasocket.h"
+luasocket/udp.h:#include "timeout.h"
+luasocket/udp.h:#include "socket.h"
+luasocket/unix.c:#include "luasocket.h"
+luasocket/unix.c:#include "unixstream.h"
+luasocket/unix.c:#include "unixdgram.h"
+luasocket/unix.h:#include "luasocket.h"
+luasocket/unix.h:#include "buffer.h"
+luasocket/unix.h:#include "timeout.h"
+luasocket/unix.h:#include "socket.h"
+luasocket/unixdgram.c:#include "luasocket.h"
+luasocket/unixdgram.c:#include "auxiliar.h"
+luasocket/unixdgram.c:#include "socket.h"
+luasocket/unixdgram.c:#include "options.h"
+luasocket/unixdgram.c:#include "unix.h"
+luasocket/unixdgram.c:#include <string.h>
+luasocket/unixdgram.c:#include <stdlib.h>
+luasocket/unixdgram.c:#include <sys/un.h>
+luasocket/unixdgram.h:#include "unix.h"
+luasocket/unixstream.c:#include "luasocket.h"
+luasocket/unixstream.c:#include "auxiliar.h"
+luasocket/unixstream.c:#include "socket.h"
+luasocket/unixstream.c:#include "options.h"
+luasocket/unixstream.c:#include "unixstream.h"
+luasocket/unixstream.c:#include <string.h>
+luasocket/unixstream.c:#include <sys/un.h>
+luasocket/unixstream.h:#include "unix.h"
+luasocket/usocket.c:#include "luasocket.h"
+luasocket/usocket.c:#include "socket.h"
+luasocket/usocket.c:#include "pierror.h"
+luasocket/usocket.c:#include <string.h>
+luasocket/usocket.c:#include <signal.h>
+luasocket/usocket.c:#include <sys/poll.h>
+luasocket/usocket.h:#include <errno.h>
+luasocket/usocket.h:#include <unistd.h>
+luasocket/usocket.h:#include <fcntl.h>
+luasocket/usocket.h:#include <sys/types.h>
+luasocket/usocket.h:#include <sys/socket.h>
+luasocket/usocket.h:#include <sys/time.h>
+luasocket/usocket.h:#include <netdb.h>
+luasocket/usocket.h:#include <signal.h>
+luasocket/usocket.h:#include <netinet/in.h>
+luasocket/usocket.h:#include <arpa/inet.h>
+luasocket/usocket.h:#include <netinet/tcp.h>
+luasocket/usocket.h:#include <net/if.h>
+luasocket/usocket.h:#include <sys/poll.h>
+luasocket/wsocket.c:#include "luasocket.h"
+luasocket/wsocket.c:#include <string.h>
+luasocket/wsocket.c:#include "socket.h"
+luasocket/wsocket.c:#include "pierror.h"
+luasocket/wsocket.h:#include <winsock2.h>
+luasocket/wsocket.h:#include <ws2tcpip.h>

sandboxing/system_includes

@@ -0,0 +1,220 @@
+kilo.c:#include <assert.h>
+kilo.c:#include <ncurses.h>
+kilo.c:#include <stdlib.h>
+kilo.c:#include <stdio.h>
+kilo.c:#include <stdint.h>
+kilo.c:#include <errno.h>
+kilo.c:#include <string.h>
+kilo.c:#include <ctype.h>
+kilo.c:#include <time.h>
+kilo.c:#include <sys/types.h>
+kilo.c:#include <sys/time.h>
+kilo.c:#include <unistd.h>
+kilo.c:#include <fcntl.h>
+lapi.c:#include <assert.h>
+lapi.c:#include <math.h>
+lapi.c:#include <stdarg.h>
+lapi.c:#include <string.h>
+lauxlib.c:#include <ctype.h>
+lauxlib.c:#include <errno.h>
+lauxlib.c:#include <stdarg.h>
+lauxlib.c:#include <stdio.h>
+lauxlib.c:#include <stdlib.h>
+lauxlib.c:#include <string.h>
+lauxlib.h:#include <stddef.h>
+lauxlib.h:#include <stdio.h>
+lbaselib.c:#include <ctype.h>
+lbaselib.c:#include <ncurses.h>
+lbaselib.c:#include <stdio.h>
+lbaselib.c:#include <stdlib.h>
+lbaselib.c:#include <string.h>
+lcode.c:#include <stdlib.h>
+ldblib.c:#include <stdio.h>
+ldblib.c:#include <stdlib.h>
+ldblib.c:#include <string.h>
+ldebug.c:#include <stdarg.h>
+ldebug.c:#include <stddef.h>
+ldebug.c:#include <string.h>
+ldo.c:#include <setjmp.h>
+ldo.c:#include <stdio.h>
+ldo.c:#include <stdlib.h>
+ldo.c:#include <string.h>
+ldump.c:#include <stddef.h>
+lfunc.c:#include <stddef.h>
+lgc.c:#include <string.h>
+liolib.c:#include <errno.h>
+liolib.c:#include <stdio.h>
+liolib.c:#include <stdlib.h>
+liolib.c:#include <string.h>
+llex.c:#include <ctype.h>
+llex.c:#include <locale.h>
+llex.c:#include <string.h>
+llimits.h:#include <limits.h>
+llimits.h:#include <stddef.h>
+lmathlib.c:#include <stdlib.h>
+lmathlib.c:#include <math.h>
+lmem.c:#include <stddef.h>
+lmem.h:#include <stddef.h>
+loadlib.c:#include <stdlib.h>
+loadlib.c:#include <string.h>
+loadlib.c:#include <dlfcn.h>
+loadlib.c:#include <windows.h>
+loadlib.c:#include <mach-o/dyld.h>
+lobject.c:#include <ctype.h>
+lobject.c:#include <stdarg.h>
+lobject.c:#include <stdio.h>
+lobject.c:#include <stdlib.h>
+lobject.c:#include <string.h>
+lobject.h:#include <stdarg.h>
+loslib.c:#include <errno.h>
+loslib.c:#include <locale.h>
+loslib.c:#include <stdlib.h>
+loslib.c:#include <string.h>
+loslib.c:#include <time.h>
+lparser.c:#include <string.h>
+lstate.c:#include <stddef.h>
+lstring.c:#include <string.h>
+lstrlib.c:#include <ctype.h>
+lstrlib.c:#include <stddef.h>
+lstrlib.c:#include <stdio.h>
+lstrlib.c:#include <stdlib.h>
+lstrlib.c:#include <string.h>
+ltable.c:#include <math.h>
+ltable.c:#include <string.h>
+ltablib.c:#include <stddef.h>
+ltm.c:#include <string.h>
+lua.c:#include <assert.h>
+lua.c:#include <ctype.h>
+lua.c:#include <fcntl.h>
+lua.c:#include <locale.h>
+lua.c:#include <ncurses.h>
+lua.c:#include <signal.h>
+lua.c:#include <stdio.h>
+lua.c:#include <stdlib.h>
+lua.c:#include <string.h>
+lua.c:#include <time.h>
+lua.c:#include <unistd.h>
+lua.h:#include <stdarg.h>
+lua.h:#include <stddef.h>
+luaconf.h:#include <limits.h>
+luaconf.h:#include <stddef.h>
+luaconf.h:#include <assert.h>
+luaconf.h:#include <math.h>
+luaconf.h:#include <unistd.h>
+luaconf.h:#include <stdio.h>
+lundump.c:#include <string.h>
+lvm.c:#include <stdio.h>
+lvm.c:#include <stdlib.h>
+lvm.c:#include <string.h>
+lzio.c:#include <string.h>
+menu.c:#include <ncurses.h>
+menu.c:#include <string.h>
+tlv.c:#include <assert.h>
+tlv.c:#include <ncurses.h>
+tlv.c:#include <stdio.h>
+tlv.c:#include <stdlib.h>
+tlv.c:#include <string.h>
+tlv.c:#include <strings.h>
+lcurses/_helpers.c:#include <errno.h>
+lcurses/_helpers.c:#include <grp.h>
+lcurses/_helpers.c:#include <pwd.h>
+lcurses/_helpers.c:#include <stdlib.h>
+lcurses/_helpers.c:#include <string.h>
+lcurses/_helpers.c:#include <sys/stat.h>
+lcurses/_helpers.c:#include <unistd.h>
+lcurses/_helpers.c:#include <ncurses.h>
+lcurses/_helpers.c:#include <term.h>
+lcurses/compat-5.2.c:#include <errno.h>
+lcurses/compat-5.2.c:#include <string.h>
+lcurses/compat-5.2.c:#include <limits.h>
+lcurses/compat-5.2.c:#include <math.h>
+lcurses/compat-5.2.h:#include <stddef.h>
+lcurses/compat-5.2.h:#include <string.h>
+lcurses/compat-5.2.h:#include <stdio.h>
+lcurses/compat-5.2.h:#include <limits.h>
+lcurses/strlcpy.c:#include <sys/types.h>
+lcurses/strlcpy.c:#include <string.h>
+luasec/compat.h:#include <openssl/ssl.h>
+luasec/context.c:#include <string.h>
+luasec/context.c:#include <windows.h>
+luasec/context.c:#include <openssl/ssl.h>
+luasec/context.c:#include <openssl/err.h>
+luasec/context.c:#include <openssl/x509.h>
+luasec/context.c:#include <openssl/x509v3.h>
+luasec/context.c:#include <openssl/dh.h>
+luasec/context.c:#include <openssl/ec.h>
+luasec/context.h:#include <openssl/ssl.h>
+luasec/ec.c:#include <openssl/objects.h>
+luasec/ec.h:#include <openssl/ec.h>
+luasec/options.c:#include <openssl/ssl.h>
+luasec/options.lua:#include <openssl/ssl.h>
+luasec/ssl.c:#include <errno.h>
+luasec/ssl.c:#include <string.h>
+luasec/ssl.c:#include <winsock2.h>
+luasec/ssl.c:#include <openssl/ssl.h>
+luasec/ssl.c:#include <openssl/x509v3.h>
+luasec/ssl.c:#include <openssl/x509_vfy.h>
+luasec/ssl.c:#include <openssl/err.h>
+luasec/ssl.c:#include <openssl/dh.h>
+luasec/ssl.h:#include <openssl/ssl.h>
+luasec/x509.c:#include <stdio.h>
+luasec/x509.c:#include <string.h>
+luasec/x509.c:#include <ws2tcpip.h>
+luasec/x509.c:#include <windows.h>
+luasec/x509.c:#include <sys/types.h>
+luasec/x509.c:#include <sys/socket.h>
+luasec/x509.c:#include <netinet/in.h>
+luasec/x509.c:#include <arpa/inet.h>
+luasec/x509.c:#include <openssl/ssl.h>
+luasec/x509.c:#include <openssl/x509v3.h>
+luasec/x509.c:#include <openssl/evp.h>
+luasec/x509.c:#include <openssl/err.h>
+luasec/x509.c:#include <openssl/asn1.h>
+luasec/x509.c:#include <openssl/bio.h>
+luasec/x509.c:#include <openssl/bn.h>
+luasec/x509.h:#include <openssl/x509v3.h>
+luasocket/auxiliar.c:#include <string.h>
+luasocket/auxiliar.c:#include <stdio.h>
+luasocket/except.c:#include <stdio.h>
+luasocket/inet.c:#include <stdio.h>
+luasocket/inet.c:#include <stdlib.h>
+luasocket/inet.c:#include <string.h>
+luasocket/mime.c:#include <string.h>
+luasocket/mime.c:#include <ctype.h>
+luasocket/options.c:#include <string.h>
+luasocket/select.c:#include <string.h>
+luasocket/serial.c:#include <string.h>
+luasocket/serial.c:#include <sys/un.h>
+luasocket/tcp.c:#include <string.h>
+luasocket/timeout.c:#include <stdio.h>
+luasocket/timeout.c:#include <limits.h>
+luasocket/timeout.c:#include <float.h>
+luasocket/timeout.c:#include <windows.h>
+luasocket/timeout.c:#include <time.h>
+luasocket/timeout.c:#include <sys/time.h>
+luasocket/udp.c:#include <string.h>
+luasocket/udp.c:#include <stdlib.h>
+luasocket/unixdgram.c:#include <string.h>
+luasocket/unixdgram.c:#include <stdlib.h>
+luasocket/unixdgram.c:#include <sys/un.h>
+luasocket/unixstream.c:#include <string.h>
+luasocket/unixstream.c:#include <sys/un.h>
+luasocket/usocket.c:#include <string.h>
+luasocket/usocket.c:#include <signal.h>
+luasocket/usocket.c:#include <sys/poll.h>
+luasocket/usocket.h:#include <errno.h>
+luasocket/usocket.h:#include <unistd.h>
+luasocket/usocket.h:#include <fcntl.h>
+luasocket/usocket.h:#include <sys/types.h>
+luasocket/usocket.h:#include <sys/socket.h>
+luasocket/usocket.h:#include <sys/time.h>
+luasocket/usocket.h:#include <netdb.h>
+luasocket/usocket.h:#include <signal.h>
+luasocket/usocket.h:#include <netinet/in.h>
+luasocket/usocket.h:#include <arpa/inet.h>
+luasocket/usocket.h:#include <netinet/tcp.h>
+luasocket/usocket.h:#include <net/if.h>
+luasocket/usocket.h:#include <sys/poll.h>
+luasocket/wsocket.c:#include <string.h>
+luasocket/wsocket.h:#include <winsock2.h>
+luasocket/wsocket.h:#include <ws2tcpip.h>

sandboxing/unique_system_includes

@@ -0,0 +1,51 @@
+arpa/inet.h
+assert.h
+ctype.h
+dlfcn.h
+errno.h
+fcntl.h
+float.h
+grp.h
+limits.h
+locale.h
+mach-o/dyld.h
+math.h
+ncurses.h
+net/if.h
+netdb.h
+netinet/in.h
+netinet/tcp.h
+openssl/asn1.h
+openssl/bio.h
+openssl/bn.h
+openssl/dh.h
+openssl/ec.h
+openssl/err.h
+openssl/evp.h
+openssl/objects.h
+openssl/ssl.h
+openssl/x509.h
+openssl/x509_vfy.h
+openssl/x509v3.h
+pwd.h
+setjmp.h
+signal.h
+stdarg.h
+stddef.h
+stdint.h
+stdio.h
+stdlib.h
+string.h
+strings.h
+sys/poll.h
+sys/socket.h
+sys/stat.h
+sys/time.h
+sys/types.h
+sys/un.h
+term.h
+time.h
+unistd.h
+windows.h
+winsock2.h
+ws2tcpip.h