lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


[listproc choked on this one. --lhf]

>From: Bennett Todd <bet@rahul.net>
>Date: Mon, 17 Apr 2000 20:03:13 -0400
>To: Luc Van den Borre <luc@nuclide.com>
>Cc: Multiple recipients of list <lua-l@tecgraf.puc-rio.br>

2000-04-17-18:32:48 Luc Van den Borre:
> I'm interested in mobile code - (LUA) code received by an
> application from an external, perhaps untrusted source.

A very, very tough problem.

> - restrictions on file-access
> - cpu usage limitations (which would probably mean pre-emptive
>   multitasking between scripts)
> - memory limitations (no more than a fixed amount of memory to
>   play with)
> - time limitations (run no longer than fixed amount of cycles or
>   get killed)
> - doesn't crash - or at least crashes nicely without taking down
>   the host program

Noble goals, and nicely specified. A couple more to add:

  - restrictions on memory access within the program (can't read or
    write arbitrary locations in memory within the process)
  - restrictions on other syscalls --- e.g. connect, kill, ...

I've no idea whether Lua is well-suited to applying such
restrictions, but I'll say this: if its designers felt that it was,
I'd be a _lot_ liklier to trust it in a role like this than any
competitor I've seen, including most especially Java and Javascript.

Simplicity is a virtue. Doubly so when security is a goal.

-Bennett