lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


> Oops! I retract my previous message! 
> There's still a bit of a hole left! 
> 
> print(getenv("USER"));
> 
> Run using lua generates:
> 
> root
> 
> You shouldn't run the lua interpreter as root.
> And you'd best disable getenv as well as it might 
> be used to sniff your system. Unless you've set up 
> a bogus environment for the weblua executable, 
> of course.

Its just a PHP script so I assume the Lua script has the same priviledges as
the PHP script. So assumed if SF are prepared to let joe public set up
projects and give them root access this script would be okay as well. How
would I go about changing this?

Incidently - a bit off topic - I can only seem to capture output from the
exec or system commands in PHP if I call the command directly. I cant seem
to create a bash script and capture out from this.

eg. rl:

#!/bin/bash
ulimit -t 1
lua -f makesafe.lua $1

I can't "rl script.lua > file" in PHP and collect the output. Is there a
trick here or have can you not collect the output of bash scripts in PHP?

Nick