I am working on a framework for POS development. When this program is done, it should be able to completely separate front-end stuff, like screen layout and business rules, from the back-end stuff, like hardware management.
The framework will run Lua scripts that will in turn control the POS on a higher level than C would allow, hastening the development cycle.
The great problem here is that the EMV library does all the greasy work with the EMV cycle, but exposes a few callbacks to capture the transaction amount, select the credit card application (debit, credit, voucher, other), and Ask for Password so the developer can create a screen with a layout that makes sense in the application.
I want to expose those callbacks to the Lua developer. However, since the framework is to be certified, I cannot trust the script writer's honesty, and that he will not abuse his position to capture the passwords to rip off the customers.
That said, during the password digitizing phase, I have dummied out the internet connection libraries, all I/Os with the exception of pinpad and touch and file manipulation.
That is far from enough to protect the customer's password. A malicious developer may just save the captured password on the Lua environment itself.
I want to roll back all alterations done to the Lua State during the password input phase, so the developer will have access to his functions (say a function that detects a keypress and concatenates a '*' to a field in the screen), but all changes done to any variables during this moment will be lost.
I checked out (Clone a lua state) for an answer for that. But all I have seen is that if you need to clone a state, you probably are using the API in the wrong way. Cloning a Lua state is exactly what I need, since I could just clone the state for the password routine and then discard that state and resume the program on the pre-cloning state. An alternative to do just that would be fine, but I am open to other ideas...
Luiz Menezes
- You need to create a sandbox and run untrusted code within it. Sandboxed code will be run inside a temporary environment, you can delete that environment by removing the table. – Egor Skriptunoff Jan 09 '17 at 18:53
- @EgorSkriptunoff How can I do that from C on an existing state? – Luiz Menezes Jan 09 '17 at 19:06
- You can create a sandbox with equal simplicity from Lua or from C. Sandboxes in Lua is a great and interesting topic. [1](http://lua-users.org/wiki/SandBoxes), [2](https://stackoverflow.com/questions/1224708/how-can-i-create-a-secure-lua-sandbox) – Egor Skriptunoff Jan 09 '17 at 19:15
- Can't you just create a new Lua state? – lhf Jan 09 '17 at 21:19
- @lhf If I could import all variables and functions from the main Lua state... but I think sandboxing will do... The password layout script will be a little bit more annoying to the devel, but I think that given the sensibility of the topic, they will understand... – Luiz Menezes Jan 09 '17 at 23:01
- Interesting. So I am not the only one using Lua for POS applications, welcome to the club ;) In our experience, Lua scripts can very well be tamper-protected (code signing etc.). – Marc Balmer Jan 10 '17 at 13:20
- @MarcBalmer I am under the impression that Lua has everything to be the POS Java. At the very least it is a good way to separate back-end development from front-end development. – Luiz Menezes Jan 10 '17 at 18:43
- Indeed. We write all our POS extensions in Lua, and the low level stuff like credit card terminal protocols or coin rejectors, we have C libraries that expose functionality to Lua. So we can use Lua to e.g. talk to coin rejectors and such... – Marc Balmer Jan 11 '17 at 09:53
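
One way to build the throwaway sandbox suggested in the comments, as an added example that is not code from the thread: the password-entry script runs in a temporary environment built from a whitelist, and only a status value leaves it. It assumes Lua 5.2+ (`load` with an `env` argument); `run_pin_phase`, `add_mask` and the sample script are hypothetical names.

```lua
-- Added example, not code from the thread. Assumes Lua 5.2+ (load() with env).
-- run_pin_phase, add_mask and the sample script are hypothetical names.

local function copy(t)            -- writes to a copy never reach the real library
  local c = {}
  for k, v in pairs(t) do c[k] = v end
  return c
end

-- Whitelist only. Functions defined by the main script are NOT exposed: they
-- keep their own _ENV and upvalues and would write outside the sandbox.
-- Left out on purpose: debug, load, require, io, os, getmetatable,
-- setmetatable, rawset, and math (math.randomseed changes shared state).
local function new_pin_env(host)
  return {
    string = copy(string), table = copy(table),
    pairs = pairs, ipairs = ipairs, tostring = tostring, tonumber = tonumber,
    add_mask = host.add_mask,     -- host helper: takes no data from the script
  }
end

-- Load the untrusted chunk as text ("t" rejects bytecode) with the temporary
-- table as _ENV, feed it key events, return only a status.
local function run_pin_phase(source, keys, host)
  local env = new_pin_env(host)
  local chunk = load(source, "=pin_layout", "t", env)
  if not chunk or not pcall(chunk) then return false end
  local handler = env.on_key
  if type(handler) ~= "function" then return false end
  for _, key in ipairs(keys) do
    if not pcall(handler, key) then return false end  -- results, errors dropped
  end
  return true                     -- env is unreachable after this point
end

-- Constructed sample: a layout script that also tries to keep what it saw.
local script = [[
  function on_key(k)
    add_mask()                     -- legitimate: show one more '*'
    stolen = (stolen or "") .. k   -- lands in the temporary environment
    string.leak = stolen           -- lands in the copied string table
  end
]]

local masks = 0
local ok = run_pin_phase(script, { "1", "2", "3", "4" },
  { add_mask = function() masks = masks + 1 end })
assert(ok and masks == 4)
assert(stolen == nil and string.leak == nil)   -- main state is unchanged
```

The rollback only holds while every function in the whitelist is host code that does not persist what the script passes to it; exposing a function the developer defined in the main state reopens the leak.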