Script "security" seems to be a typical issue.

This just came up as "I want to be able to safely share the base libraries
between scripts", and frequently comes up from the other side of the fence
as "I want to sandbox individual scripts", and can even come up as
complaints about the time needed to initialize a Lua state (as you can't
trust scripts to leave the libraries and other globals unmolested).

I have to admit that I very quickly came to feel competent enough with Lua
to figure out the workarounds to these issues (Lua's just so darn well laid
out ;), but I never trust that whatever time I spend thinking about security
"what ifs" is sufficient, so.....

It would be very nice if some people donated their ideas and someone
compiled them into a simple "issues to consider / recommended practices
document".  This may already exist on the Wiki, but it would be very nice to
see this boiled down and either included with the manual as an appendix or
placed right alongside the manual on the Lua site. (Um, so what do you
think about that idea LHF et al?)



-----Original Message-----
From: lua-bounces@bazar2.conectiva.com.br
[mailto:lua-bounces@bazar2.conectiva.com.br]On Behalf Of Mark Pulford
Sent: Thursday, October 09, 2003 9:33 AM
To: lua@bazar2.conectiva.com.br
Subject: Memory limits


Hi,

I've recently been toying with Lua for use in a system where 3rd
parties can submit scripts to be executed. I need to be able to catch
scripts that accidentally run away. CPU usage can be monitored through
HOOKCOUNT (which works for my purposes), however there doesn't appear
to be any way to limit memory usage easily under the interpreter.

I've attached a simple patch which creates the function
"lua_setmemlimit()".

Perhaps this patch or something like it could be integrated into the
main Lua distro?

While I'm here I'd also like to thank the authors for creating Lua :).
It's been a long time since I've been this impressed by some software.

Now I just need to find more time to work with it ;).

Regards,
Mark
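
Added example, not part of either message and not the patch attached to the original post (the archive page does not show it): in Lua 5.1 and later, a per-state memory cap can be enforced by handing the state a custom allocator that follows the `lua_Alloc` contract. `MemCap`, `capped_alloc` and `grow_until_refused` are hypothetical names, and the growth loop is a constructed stand-in for a runaway script so the block runs without linking Lua.

```c
#include <stddef.h>
#include <stdlib.h>

/* Accounting state handed to Lua as the allocator's userdata (ud). */
typedef struct {
    size_t used;   /* bytes currently allocated through this allocator */
    size_t limit;  /* hard cap in bytes; growth beyond it is refused */
} MemCap;

/* Same signature and contract as lua_Alloc (Lua 5.1+):
 *   nsize == 0 -> free ptr and return NULL
 *   otherwise  -> behave like realloc(ptr, nsize); NULL means failure
 *                 and the old block is left intact. */
static void *capped_alloc(void *ud, void *ptr, size_t osize, size_t nsize) {
    MemCap *cap = (MemCap *)ud;
    /* With ptr == NULL, osize is not a size (Lua 5.2+ passes a type tag). */
    if (ptr == NULL)
        osize = 0;
    if (nsize == 0) {
        free(ptr);
        cap->used -= osize;
        return NULL;
    }
    /* Overflow-safe check: only growth can push usage past the cap. */
    if (nsize > osize &&
        (cap->used > cap->limit || nsize - osize > cap->limit - cap->used))
        return NULL;   /* Lua reports this as a memory error (LUA_ERRMEM) */
    void *p = realloc(ptr, nsize);
    if (p == NULL)
        return NULL;
    cap->used = cap->used - osize + nsize;
    return p;
}

/* Constructed stand-in for a runaway script: keep doubling one buffer
 * until the cap refuses, then release it. Returns the last size granted. */
static size_t grow_until_refused(MemCap *cap) {
    size_t size = 0, next = 64;
    void *buf = NULL, *p;
    while ((p = capped_alloc(cap, buf, size, next)) != NULL) {
        buf = p;
        size = next;
        next *= 2;
    }
    capped_alloc(cap, buf, size, 0);   /* nsize == 0 frees the block */
    return size;
}
```

To use it with a real interpreter, pass `capped_alloc` and a pointer to a `MemCap` as the allocator function and userdata arguments of `lua_newstate`, and run third-party scripts under `lua_pcall` so the memory error is caught rather than aborting the host.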