[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: RE: One time scripts
- From: virgil@... (Virgil Smith)
- Date: Wed, 22 Oct 2003 10:02:22 -0500
Gee there's another security related question. I hope those with more time
and knowledge than I are considering these issues when cooking up Lua 6
(hint, hint :).
If you are simply failing to recognize all of the globals added by the
script then the Lua 5 specific solution would be to set the environment
table of the script (an excellent security related Lua 5 addition, that
still seems to need to be a bit stronger/simpler).
However, for a Lua4/5 solution (in the same vein with environments), set a
__newindex metamethod (tag method by Lua4 terms/interfaces) on the globals
table and redirect additions to a different table, and set a __index
meta/tag method to look up these new additions. Oops, sorry, the Lua4
method would be to use the "setglobal" and "getglobal" tag methods, not the
__newindex/__index methods.
When you are done with the script, undo the meta/tag method and set the
"different table" to nil.
-----Original Message-----
From: lua-bounces@bazar2.conectiva.com.br
[mailto:lua-bounces@bazar2.conectiva.com.br]On Behalf Of Leigh McRae
Sent: Wednesday, October 22, 2003 9:06 AM
To: Lua list
Subject: One time scripts
Using lua 4.01 and only one Lua_State, does anyone know how to make a lua
script be a one time only? I have some config files I use lua for and I can
set any of the tables in the script to nil but I still have the code around.
I need a way to kick everything out that the file had.
Leigh McRae
Lead Programmer
Rockstar Games Toronto
www.rockstargames.com
