[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Userdata/Table Unification
- From: Eero Pajarre <epajarre@...>
- Date: Mon, 26 Jul 2004 21:09:16 +0300
Mike Pall wrote:
> Ok, setmetatable() does not work on userdata objects. But you can change
> the contents of the metatable itself:
>
> u = any_userdata_constructor()
> getmetatable(u).__gc = nil -- Ouch!
> u = nil
> collectgarbage()
>
> This will lead to resource depletion in the best case (e.g. lost file
> handles) and to memory corruption in the worst case (there may be
> dangling backreferences to userdata memory).
>
> The current approach is *not* safe unless you deny the sandbox access to
> getmetatable() or use a wrapper. But then you might as well protect
> setmetatable(), too. I think the setmetatable() pseudo-safeguard provides
> a false sense of security.
>
But you can protect the real metatable from user by setting
the __metatable field in it. The protection mechanism
seems ok to me.
Eero