RE: WebLua

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: RE: WebLua
From: Tom Wrensch <twrensch@...>
Date: Fri, 12 Jul 2002 14:32:45 -0700 (PDT)

On Fri, 12 Jul 2002, John Passaniti wrote:

> > N.B. I've currently disabled the "lua" button
>> ...snip..
> 
> Add a block of code that executes prior to the user's code.  That code
> would redefine all functions deemed dangerous (all the file-related
> functions) to nil.  

Or better yet, replace them with functions that can't write to or read
from a file, but still exist. For example write() could be redone as:

    function write(file,value)
        if file then
            %write(value)
        else
            %write(file)
        end
    end

Which would redirect all writes to standard out. openfile() could be
rewritten as:

    function openfile()
        return _STDOUT
    end

You'd have to be careful exactly how you did this, but I'm sure you could
protect your file system this way.

  - Tom

Prev by Date: Re: WebLua
Next by Date: Re: A good hash algorithm
Previous by thread: Re: WebLua
Next by thread: RE: WebLua
Index(es):
- Date
- Thread