[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Making LUA safe to execute untrusted scripts [replay]
- From: Fred Bertsch <fb@...>
- Date: Thu, 20 Apr 2000 11:33:48 -0400 (EDT)
Sorry about the long delay replying to this one, but I've already tried to
solve the original problem. (ie: making Lua safe for untrusted scripts.)
I do it by disabling many (most?) features of the Lua language. Users are
only allowed to execute scripts which can be proven to take CPU time and
memory proportional to their length. Thus, function definitions and loops
are disabled. While this allows only very simple scripts to be written,
it is all my scripts require because they have access to a rich C++
library to manipulate the game world with. I also disabled the ability to
save state in global variables.
Oddly enough, I just recently created a webpage with this code (minus the
actual game world manipulation code) on it to give to potential employers.
You're welcome to look at it:
http://mems.ee.cornell.edu/Fred/Resume/CodeSamples/
In particular, see KBrokenLua.h and Lua.h. (Those are the C++ wrappers
for the Lua api that I use.)
Note that pretty much all the code there is copyrighted, but if some of
you want to use it, feel free to contact me, and I'll probably be willing
to let you use it. The concept behind it is pretty simple, so it
shouldn't be hard to duplicate the code, either. Here's the docs for it:
http://mems.ee.cornell.edu/Fred/Resume/CodeSamples/Conversations.html
Oh, I didn't actually prove that it's secure. In fact, I think I left in
the ability to sort a table, so I suppose it's really O( N lgN ) or
whatever the sorting algorithm in Lua is, but at least you have to work
pretty hard to bypass the security in any more serious way. Let me know
if you see any holes.
Finally, I'm still looking for a job... :)
-Fred
