- Subject: Re: Lua 5.0 Alpha and api_incr_top
- From: Björn De Meyer <bjorn.demeyer@...>
- Date: Wed, 18 Sep 2002 18:40:55 +0200
Joshua Jensen wrote:
> That's all well and good, but it now requires me to know the size of the
> stack the incoming Lua script uses, so I won't crash the application.

I had not yet noticed this problem, but I basically agree
with Joshua Jensen here. From the C side it's almost impossible
to predict what the required stack size should be on
many different occasions. Yes, we could check the stack
ourselves every other time, but that is really a pain.

It may be more performant or consistent not to perform stack
checking, but it is by no means safe or secure.
Lua allows you to make a safe sandbox for external scripts by
allowing you to make certain functions unavailable. If, however,
the scripts can crash the program by performing some deep recursive
operations, then they will be able to crash the Lua application,
leading to possible DoS problems. The sandbox has become a sand sieve.

As a compromise, the autogrowing stack would be a feature that could be
turned on and off. Off for performance, on (by default) for security.
Or maybe a C callback function that is called whenever the stack is
at risk of overflowing.

"No one knows true heroes, for they speak not of their greatness." --
Björn De Meyer
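
The compromise proposed in the message above, sketched as a stand-alone C model. This is an added example, not code from the post or from Lua: `Stack`, `stack_push`, `on_overflow` and `deny_above_64` are hypothetical names, not Lua API. Every push is bounds-checked, growth is either automatic or decided by a host callback, and a hard limit makes a runaway script fail cleanly instead of writing past the stack.

```c
#include <stdlib.h>

/* Hypothetical model of a VM value stack; none of these names are Lua's. */
typedef struct Stack Stack;
typedef int (*OverflowFn)(Stack *s, size_t needed); /* return 1 to permit growth */

struct Stack {
    int       *slots;
    size_t     top, cap, hard_limit;  /* hard_limit bounds all growth */
    int        autogrow;              /* 1 = grow on demand (secure default) */
    OverflowFn on_overflow;           /* optional host callback, may be NULL */
};

int stack_init(Stack *s, size_t cap, size_t hard_limit, int autogrow, OverflowFn cb) {
    s->slots = malloc(cap * sizeof *s->slots);
    s->top = 0; s->cap = cap; s->hard_limit = hard_limit;
    s->autogrow = autogrow; s->on_overflow = cb;
    return s->slots != NULL;
}

/* Ensure room for one more slot; returns 0 rather than writing past the end. */
static int stack_reserve(Stack *s) {
    if (s->top < s->cap) return 1;
    size_t want = s->cap * 2;
    if (want > s->hard_limit) want = s->hard_limit;
    if (want <= s->cap) return 0;                   /* hard limit reached */
    int allowed = s->autogrow || (s->on_overflow && s->on_overflow(s, want));
    if (!allowed) return 0;                         /* host refused: fail closed */
    int *p = realloc(s->slots, want * sizeof *p);
    if (!p) return 0;
    s->slots = p; s->cap = want;
    return 1;
}

/* Checked push: a script-controlled push count cannot corrupt memory. */
int stack_push(Stack *s, int v) {
    if (!stack_reserve(s)) return 0;
    s->slots[s->top++] = v;
    return 1;
}

/* Push n values, as deep recursion would; returns how many were accepted. */
size_t push_many(Stack *s, size_t n) {
    size_t ok = 0;
    while (ok < n && stack_push(s, (int)ok)) ok++;
    return ok;
}

/* Example host policy (constructed): refuse growth beyond 64 slots. */
int deny_above_64(Stack *s, size_t needed) { (void)s; return needed <= 64; }
```

A caller treats a zero return from `stack_push` as a script error to report, which is the point of the model: the overflow becomes a recoverable condition in the host rather than a crash.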