Re: WebLua

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: WebLua
From: Björn De Meyer <bjorn.demeyer@...>
Date: Mon, 15 Jul 2002 19:34:52 +0200

Nick Trout wrote:
> 
> Thanks for the feedback wrt to WebLua. lhf gave me a hand and we came to a
> similar solution to ones put forward. I've ulimited memory and script
> execution time (to 1 second). All file and system scripts return an error if
> used. Hope thats all the holes plugged.
> 
> http://doris.sourceforge.net/lua/weblua.php
> 
> Nick

Oops! I retract my previous message! 
There's still a bit of a hole left! 

print(getenv("USER"));

Run using lua generates:

root

You shouldn't run the lua interpreter as root.
And you'd best disable getenv as well as it might 
be used to sniff your system. Unless you've set up 
a bogus environment for the weblua executable, 
of course.

-- 
"No one knows true heroes, for they speak not of their greatness." -- 
Daniel Remar.
Björn De Meyer 
bjorn.demeyer@pandora.be

Follow-Ups:
- Re: WebLua, Christian Vogler

References:
- RE: WebLua, Nick Trout

Prev by Date: Re: WebLua
Next by Date: RE: WebLua
Previous by thread: Re: WebLua
Next by thread: Re: WebLua
Index(es):
- Date
- Thread