Search code examples
luamediawikisandbox

Use Lua sandbox with MediaWiki under Windows

I am running a MediaWiki (1.34.1) on a Windows server. The wiki contains some Lua modules which are executed by the Scribunto extension running Lua 5.1.4. Up to now I am using the luastandalone but I would like to use the luasandbox engine (should be faster).

With the lastest PHP luasandbox release 4.0.2 PECL provides a Windows DLL (https://pecl.php.net/package/LuaSandbox/4.0.2/windows).

With this DLL is it possible to run luasandbox under Windows? How can I install/configure the PHP/MediaWiki/Scribunto environment to use this DLL?

Solution

  • Yes, it is possible to use LuaSandbox under Windows with IIS, and is in fact an especially convenient way to do so, You simply install the necessary Lua binary as a PHP extension into your existing PHP interpreter (which you know is working, because MediaWiki is implemented in PHP).

    I discuss this at some length in this conversation on the MediaWiki page Extension Talk:Scribunto but I'll provide the essentials here as well:

    I did finally get Lua working under IIS on Windows 10, with PHP 8.0. The trick was, I abandoned the luaStandalone binary entirely, and instead downloaded the (just released less than 2 months ago) PHP luaSandbox extension from PECL:

    https://pecl.php.net/package/LuaSandbox

    Click on "DLL", then choose the build that matches your PHP install (for me it was PHP 8.0, x64, non-thread safe — the details are at the very top of the long, long output of php.exe -i from a command line), and download the provided zip file. After extraction, only two files are important:

    • php_luasandbox.dll, a PHP extension module that goes wherever the rest of your extensions are. (For me, C:\Program Files\PHP\v8.0\ext\.)
    • lua5.1.dll, an embeddable Lua interpreter that gets installed in the directory where the php.exe binary lives. (For me that was C:\Program Files\PHP\v8.0\, the parent directory of the extension location).

    After that, just edit your php.ini to add:

    extension=php_luasandbox.dll

    and edit LocalSettings.php to include:

    $wgScribuntoDefaultEngine = 'luasandbox';

    (making sure to remove or comment out any lines about luaStandalone).

    Relaunch IIS, and that should be that. If you have MediaWiki working at all, you've already got PHP running, so using Lua that way, as a PHP extension, just makes eminent amounts of sense.

    As I note in the MediaWiki discussion, there's some degree of controversy over this because the Lua developers themselves are sort of down on the notion of a "sandboxed Lua". They do not believe it to be a technically viable method of restricting Lua's access to and consumption of system resources. But on Windows, most of the restrictions they recommend imposing on the standalone binary are not available from the OS anyway, making the situation even more confusing/unclear.