if --keyfile argument contains lua metacharacters, it can trigger arbitrary lua
daemon/main.c
has:
if (keyfile) {
auto_free char *cmd = afmt("trust_anchors.config('%s')", keyfile);
if (!cmd) {
kr_log_error("[system] not enough memory\n");
return EXIT_FAILURE;
}
engine_cmd(engine.L, cmd, false);
lua_settop(engine.L, 0);
}
so if keyfile has a literal ')
in it, it will trigger arbitrary lua actions.
This is not a security issue, because if you can modify the filename passed to kresd you can probably do other things, but it's still not ideal. ideally, the lua stack should be manipulated directly.