[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Restricting file access
- From: Roberto Ierusalimschy <roberto@...>
- Date: Fri, 13 Jun 2003 16:58:13 -0300
> I think what he's saying is that someone might *extend* the io library
> in an upwards-compatible way which results in the addition of more
> unsafe methods. For example, I might have an io library which adds
> io.opendir(d); this will not interfere with any code using the
> existing io library, except that the guardian doesn't know to delete
> it.
In my opinion, a sandbox should always list what you can do, not what
you cannot. Inside a sandbox, if something is not explicitly allowed,
than it should be forbiden.
-- Roberto
