[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: Turing-incomplete Lua?
- From: Mike Ferenduros <mike@...>
- Date: Wed, 01 Dec 2004 05:50:21 +0000
You'd also want to prevent malicious scripts from eating all available
Incidentally, is this for a particular application? Off the top of my
head, I can't think of anything that would use an untrusted config file.
Jeff Koftinoff wrote:
On 30-Nov-04, at 8:55 PM, Matt Hellige wrote:
Presumably you don't want to allow configuration files to cause
infinite loops... You could probably address that with a simple
timeout in most cases, and use sandboxing for the stuff you mention.
But if you made the mini-lua grammar simple enough you could guarantee
that there would be no possibility of infinite loops. A timeout is
problematic in many ways! Please don't do things like that.
If you just restrict the grammar so that all loops have a fixed repeat
count (non-variable) and no recursive function definitions are allowed
then you don't need a sandbox and you don't need problematic
halt-sensing and you can be guaranteed that the config file will never
halt your process. I believe a system like this would be very very
Jeff Koftinoff <firstname.lastname@example.org>