lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


> >function equals()
> >	return DATE
> >end
> [...]
> >f = loadstring("return function() return equals() end")
> >xxx(f)

> That's because equals still has the old env. setfenv(x,f) does not affect
> the env of equals. I'm sorry, using setfenv can defy intutition, as Wim has
> described in http://lua-users.org/lists/lua-l/2003-02/msg00547.html .

Well, then I have a problem with sandbox' security.

While string compiled with loadstring() is evaluated in a safe sandbox,
function that are called from that chunk could freely refer to globals,
like os.execute. Right?

Is it possible to fake env. used by functions called from the chuck?


-- 
Regards, max.