lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

> >function equals()
> >	return DATE
> >end
> [...]
> >f = loadstring("return function() return equals() end")
> >xxx(f)

> That's because equals still has the old env. setfenv(x,f) does not affect
> the env of equals. I'm sorry, using setfenv can defy intutition, as Wim has
> described in .

Well, then I have a problem with sandbox' security.

While string compiled with loadstring() is evaluated in a safe sandbox,
function that are called from that chunk could freely refer to globals,
like os.execute. Right?

Is it possible to fake env. used by functions called from the chuck?

Regards, max.