[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: RE: Can this be done? (loading extensions from dlls / so's at runti me)
- From: Philippe Lhoste <PhiLho@...>
- Date: Thu, 30 May 2002 17:36:04 +0200 (MEST)
> I'd vote against it. Loading libraries from a secondary source (or even
> allowing an 'include' directive) can be a security hole for scripts.
> Lua scripts are meant to be embedded in an application. If the
> application does not wish to allow the user scripts to access the system
> resources, or load outside/untrusted code, it shouldn't be allowed.
[snip]
>
> Sean Etc.
>
> On Thu, 2002-05-30 at 03:41, Asko Kauppi wrote:
> >
> > As you can see from the thread, there's N solutions already for this...
To
> > me, it seems like a thing that should be done "centrally" (= within the
> > Lua's built-in sample interpreter) and then no-one would need to have
> > secondary libraries doing the same thing.
Reread the message you quote: "within the Lua's built-in sample
interpreter", ie. within lua.c.
The system functions are in external libraries, ie. you can easily embed Lua
in your system without them, or with only a carefully selected subset of
them (eg. read-only functions).
Now, your rant makes a point, we don't want applications embedding Lua to be
as insecure as Outlook [Express] :-)
Regards.
--
--=#=--=#=--=#=--=#=--=#=--=#=--=#=--=#=--=#=--
Philippe Lhoste (Paris -- France)
Professional programmer and amateur artist
http://jove.prohosting.com/~philho/
--=#=--=#=--=#=--=#=--=#=--=#=--=#=--=#=--=#=--
GMX - Die Kommunikationsplattform im Internet.
http://www.gmx.net
