[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: RE: os.execute is scary;
- From: "Virgil Smith" <Virgil@...>
- Date: Wed, 28 Jan 2004 13:28:07 -0600
I'm curious as to why the extra security "checks" slow things down.
Also, I'd like to voice my own opinion that adding "enable/disable certain
library components" as a standard part of the language would be needless
fluff.
The way I "understand things" standard usage of Lua is to open a Lua state,
load up the libraries that you want, and then for fine grained control, pick
out the library bits that you don't like by just setting them to nil. If
you want finer control still (i.e. runtime control of what functions are
available) then why not just store references to the questionable functions
off in the registry and set the "normal" references to nil, and copy them
back from the registry when needed. If you don't like user scripts
exploding on nil references then you could substitute stub versions of the
functions that return an appropriate error code.
This way there are no "security checks" (though obviously calling the
enable/disable operations introduces overhead).
Just curious. :-)
-----Original Message-----
From: lua-bounces@bazar2.conectiva.com.br
[mailto:lua-bounces@bazar2.conectiva.com.br]On Behalf Of Paul Smith
Sent: Wednesday, January 28, 2004 11:37 AM
To: Lua list
Subject: Re: os.execute is scary;
At 17:15 28/01/2004, you wrote:
>>Almost all of the code is written purely in terms of the standard library
>>(one or two routines use standard Unix command-line utilities via
>>os.execute).
>
>os.execute and io.popen are scary functions. When using them, you have to
>be very certain about the contents of the strings being passed in. I'm
>going to
Whilst on that topic (or not), I thought I'd just mention what we've done
here.
We've modified the standard functions so that 'os.execute', 'os.popen' and
some other things (eg os.open etc) are classed as 'sensitive' functions.
A lua script can call a function 'io.enablesecurity("password")' which will
disable all these functions, until 'io.disablesecurity("password")' is
called.
This is because, if we make lua scripting available to users, we want to be
able to turn off these functions, so we can call our own script first which
sets security and then calls the user script.
I actually think this would be quite a nice feature in the 'normal' lua
release as it doesn't affect anything unless you use the
'io.enablesecurity' function to disable the functions, but it gives you
that flexibility. The extra security checking does slow things down a bit
(obviously), but since it's only on os type functions, they're pretty slow
anyway ;-)
Paul VPOP3 - Internet Email Server/Gateway
support@pscs.co.uk http://www.pscs.co.uk/
