lua-l archive

Search lua-l

This index contains 143,615 documents and 1,774,615 keywords. Last update on 2023-03-09 .

381. Linux and seccomp and Lua, or: List of implicit system calls? (score: 2)

Author: "Dr. Markus Walther" <walther@...>

Date: Sun, 10 May 2009 20:22:24 +0200

Hi all, "seccomp is a simple sandboxing mechanism for the Linux kernel. It allows a process to make a one-way transition into a "secure" state where it cannot make any system calls except exit(), rea

382. Re: Controlling lua features (score: 2)

Author: steve donovan <steve.j.donovan@...>

Date: Sun, 10 May 2009 15:45:10 +0200

We definitely need one of those - I like 'Frequently Anticipated Questions'. The question is, what do your users need to do? One answer to the 'supply configuration' need would be: function read(s) i

383. Re: Using environment for OO (score: 2)

Author: "Martin C. Martin" <martin@...>

Date: Sun, 12 Apr 2009 20:57:15 -0400

You and Eike are right. In my application, the classes I'm dealing with only have a single object, so I mixed the fields in with the class. Of course, if I wanted to apply this to any class with more

384. Re: Using environment for OO (score: 2)

Author: David Given <dg@...>

Date: Fri, 10 Apr 2009 23:07:48 +0100

But, assuming I've understood what you're talking about correctly, this way you'll have to have a *different* function for every instance of the object. So x.foo and y.foo cannot refer to the same fu

385. Re: Has anyone played with theis 2D Engine (score: 2)

Author: Steven Johnson <steve@...>

Date: Thu, 19 Mar 2009 01:11:53 -0600

It was mentioned briefly about a month ago, http://lua-users.org/lists/lua-l/2009-01/msg00674.html, and once a few months earlier in connection with LuaSDL. The more recent of the two topics came jus

386. Re: When are global names registered within th VM? (score: 2)

Author: Alexander Gladysh <agladysh@...>

Date: Tue, 17 Mar 2009 10:22:13 +0300

"Putting symbols" into the global index table -- or any activity whatsoever in Lua (from Lua side, not C) is not possible without calling a function. There are no special mechanisms in Lua for setti

387. Re: Lua Security Considerations... (score: 2)

Author: Luiz Henrique de Figueiredo <lhf@...>

Date: Wed, 11 Mar 2009 15:26:56 -0300

If your app does not run Lua code provided by outside sources, then it's pretty safe, as far as Lua is concerned. If your app does run user-provided code, it does have to take special steps to make

388. Re: state of the Lua nation on resource cleanup (score: 2)

Author: Roberto Ierusalimschy <roberto@...>

Date: Mon, 16 Feb 2009 10:16:47 -0300

If you have (1) than you get (2), no? (Create the clone and call it.) But (1) seems dangerous in some scenarios. A key technique for sandboxing is this: local danger = danger_function function safe

389. Re: Interesting interaction between debug hooks, the garbage collector, and "open" VM instructions (score: 2)

Author: Mike Pall <mikelu-0902@...>

Date: Mon, 9 Feb 2009 01:30:24 +0100

This is not surprising, because it *is* a hard problem. Remember that the Java bytecode has been specifically designed to be verifiable and to be safely run in the browser and on MMU-less architectur

390. Re: [q] web-safe loadstring (score: 2)

Author: Luiz Henrique de Figueiredo <lhf@...>

Date: Fri, 17 Oct 2008 12:17:52 -0300

Since you mention web in the subject, have a look at the source of the Lua live demo: http://www.tecgraf.puc-rio.br/~lhf/ftp/lua/#demo This simply deletes all dangerous functions before running user

391. Re: Lanes 2008 revise (score: 4)

Author: "Alexander Gladysh" <agladysh@...>

Date: Sun, 20 Jul 2008 01:39:07 +0400

Oh! My apologies, I've accidentally looked into older version Lanes archive. :-( BTW, while we're on the docs: I'd like to see short thruoughtly commented specific examples in each section -- at leas

392. Re: 'module' function setting function environment (score: 2)

Author: David Manura <dm.lua@...>

Date: Thu, 17 Jul 2008 01:41:26 +0000 (UTC)

On point 2....The intention of Lua's standard libraries seems to be that setting the environment of a C function from Lua should only be possible from the debug library--e.g. debug.setfenv rather tha

393. Re: Different behavior for coroutines in Lua and LuaJIT + Recycling Coroutines (score: 2)

Author: Graham Wakefield <lists@...>

Date: Mon, 16 Jun 2008 10:51:25 -0700

Graham Wakefield wrote: What I gathered from the list is that a coroutine that errors cannot be recycled, but one that returns with no error can have its stack cleared and be ready to be re-used. I

394. Re: Different behavior for coroutines in Lua and LuaJIT + Recycling Coroutines (score: 2)

Author: Mike Pall <mikelu-0806@...>

Date: Sun, 15 Jun 2008 22:47:31 +0200

Yes, this is the current state of affairs. Recycling coroutines is only feasible if you can control the complete execution (i.e. not for sandboxing). Usually this would be a pool of coroutines handli

395. Re: Sandbox in Lua 5.1 (score: 2)

Author: Tomas Guisasola Gorham <tomas@...>

Date: Tue, 27 May 2008 13:29:42 -0300 (BRT)

Hi Shmuel adapting it to Lua 5.1. We gave up and started the development of Rings -- which is not the same thing -- but it is still usefull in restricted cases: when there is no need to load a packag

396. Re: Sandbox in Lua 5.1 (score: 2)

Author: Shmuel Zeigerman <shmuz@...>

Date: Tue, 27 May 2008 19:20:37 +0300

Could you elaborate with regards to restrictions of Rings? (I'm currently using it for sandboxing, including loading C packages from within rings, and it seems OK.) -- Shmuel

397. Sandbox in Lua 5.1 (score: 2)

Author: "Francois Retief" <fgretief@...>

Date: Tue, 27 May 2008 14:52:13 +0200

Hello all, I have to convert a large set of Lua code from Lua 5.0 (with Compact-5.1) to Lua 5.1 One of the things that has me stumped is the implementation of a sandbox. The API more or less looks li

398. Re: Question about multi-threading in Lua (score: 2)

Author: askok@...

Date: Fri, 16 May 2008 12:15:33 +0300

I would see your case being okay using either mechanism. In general, coroutines are faster and always portable (since they require no OS side support). It comes to how much isolation / synchronizatio

399. Re: Help i'm new (score: 2)

Author: "Jim Whitehead II" <jnwhiteh@...>

Date: Wed, 7 May 2008 13:38:32 +0100

Very nice, I hadn't seen that before. I also like their take on sandboxing, by disallowing any volatile system calls, rather than handling it at the Lua level itself :P

400. Re: [ANN] live Lua demo (score: 2)

Author: Irayo <irayo.lt@...>

Date: Thu, 21 Feb 2008 22:07:08 -0600

There's also a Lua bot in #lua that can be used to experiment with Lua. The page allows you to play with the interpreter side of Lua, but I think what would really sway most people who are considerin