- Subject: Re: Making LUA safe to execute untrusted scripts
- From: "Luc Van den Borre" <luc@...>
- Date: Tue, 18 Apr 2000 12:33:54 +0200
| > > I'm interested in mobile code - (LUA) code received by an
| > > application from an external, perhaps untrusted source.
| > A very, very tough problem.
| Do you have details on what parts are tough besides the ones mentioned
If you needed to ensure these conditions, say, with some C code, or even a compiled executable, this would be 'hard'.
I'm hoping LUA's already existing protection mechanisms allow some problems to be solved easily, so we can focus on a
small set of the 'hard' ones.
| > > - cpu usage limitations
| > > - memory limitations
| > > - time limitations
| These would be nice, but it's not clear to me that they are necessary.
| They also cause issues when good programs that people want to use these
| resources need them.
Different scripts could have different security policies applied to them, depending on the application.
In the example I gave earlier, after I've drunk my can of coke, I don't want the coke-can script to hang around. Even if
the script doesn't unload itself, I want my application to do it. As to CPU and memory usage - there's no reason an app
can't use whatever is available, but it mustn't bring the system down by hogging them.
| > - restrictions on memory access within the program (can't read or
| > write arbitrary locations in memory within the process)
| Lua already does this, right?
Yes, but (how easily) can a malicious hacker find ways around this?
About the pre-emptive multi-tasking idea - has anyone tried this? I assume this would be easier to implement in version
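
The per-script policy discussed in this message (a restricted set of globals plus CPU and memory budgets enforced by the host application), as an added example that is not part of the original post or of the Lua distribution. It assumes Lua 5.2 or later (`load` with an environment argument); `run_untrusted`, `make_env`, `STEP_LIMIT` and `MEM_LIMIT_KB` are hypothetical names, and the sample scripts are constructed.

```lua
-- Added example (not from the original post). Assumes Lua 5.2 or later.
-- run_untrusted, make_env, STEP_LIMIT and MEM_LIMIT_KB are hypothetical names.
local STEP_LIMIT   = 100000   -- VM instructions allowed per script
local MEM_LIMIT_KB = 1024     -- heap growth allowed while the script runs

-- Whitelisted globals only: no io, os, debug, require, load or dofile.
-- Caveat: string values still reach the real string library through the
-- shared string metatable, e.g. ("x"):rep(n).
-- pcall is withheld so a script cannot swallow the budget error and keep
-- running; coroutine is withheld because debug hooks are per-coroutine.
local function make_env()
  return {
    ipairs = ipairs, pairs = pairs, select = select, type = type,
    tostring = tostring, tonumber = tonumber,
    math = { floor = math.floor, max = math.max, min = math.min },
    string = { sub = string.sub, len = string.len },
  }
end

local function run_untrusted(source, name)
  -- Mode "t" accepts source text only and rejects precompiled bytecode.
  local chunk, err = load(source, name, "t", make_env())
  if not chunk then return false, "compile error: " .. err end

  local steps = 0
  local base_kb = collectgarbage("count")
  local function hook()
    steps = steps + 1000
    if steps > STEP_LIMIT then error("instruction budget exceeded", 0) end
    if collectgarbage("count") - base_kb > MEM_LIMIT_KB then
      error("memory budget exceeded", 0)
    end
  end

  debug.sethook(hook, "", 1000)   -- count hook: every 1000 VM instructions
  local ok, result = pcall(chunk)
  debug.sethook()                 -- remove the hook before returning to the host
  return ok, result
end

-- Constructed sample scripts: well-behaved, CPU hog, allocator, forbidden global.
print(run_untrusted("return 1 + 1", "ok"))
print(run_untrusted("while true do end", "spin"))
print(run_untrusted("local t = {} for i = 1, 1e6 do t[i] = {i, i, i, i} end", "alloc"))
print(run_untrusted("return os.getenv('HOME')", "escape"))
```

The memory check only runs between VM instructions, so a single library call that allocates a large block is not stopped by it; a hard cap needs a custom allocator passed to `lua_newstate` in the C host.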