Re: Making LUA safe to execute untrusted scripts

["Luc Van den Borre" <luc@...>]

| > > I'm interested in mobile code - (LUA) code received by an
| > > application from an external, perhaps untrusted source.
| > A very, very tough problem.
| Do you have details on what parts are tough besides the ones mentioned
| below?

If you needed to ensure these conditions, say, with some C code, or even a compiled executable, this would be 'hard'.
I'm hoping LUA's already existing protection mechanisms allow some problems to be solved easily, so we can focus on a
small set of the 'hard' ones.

| > > - cpu usage limitations
| > > - memory limitations
| > > - time limitations
| These would be nice, but it's not clear to me that they are necessary.
| They also cause issues when good programs that people want to use these
| resources need them.

Different scripts could have different security policies applied to them, depending on the application.
In the example I gave earlier, after I've drunk my can of coke, I don't want the coke-can script to hang around. Even if
the script doesn't unload itself, I want my application to do it. As to CPU and memory usage - there's no reason an app
can't use whatever is available, but it mustn't bring the system down by hogging them.


| >   - restrictions on memory access within the program (can't read or
| >     write arbitrary locations in memory within the process)
| Lua already does this, right?

Yes, but (how easily) can a malicious hacker find ways around this?

About the pre-emptive multi-tasking idea - has anyone tried this? I assume this would be easier to implement in version
3.3?

--Luc