Re: Turing-incomplete Lua?

[Mike Ferenduros <mike@...>]

You'd also want to prevent malicious scripts from eating all available 
memory.
Incidentally, is this for a particular application? Off the top of my 
head, I can't think of anything that would use an untrusted config file.


Jeff Koftinoff wrote:

> On 30-Nov-04, at 8:55 PM, Matt Hellige wrote:
>
> > Presumably you don't want to allow configuration files to cause
> > infinite loops... You could probably address that with a simple
> > timeout in most cases, and use sandboxing for the stuff you mention.
> >
> > Matt
>
> But if you made the mini-lua grammar simple enough you could guarantee 
> that there would be no possibility of infinite loops.  A timeout is 
> problematic in many ways! Please don't do things like that.
>
> If you just restrict the grammar so that all loops have a fixed repeat 
> count (non-variable) and no recursive function definitions are allowed 
> then you don't need a sandbox and you don't need problematic 
> halt-sensing and you can be guaranteed that the config file will never 
> halt your process.  I believe a system like this would be very very 
> useful.
>
> Jeff
>
> --
> Jeff Koftinoff <jeffk@jdkoftinoff.com>
> www.jdkoftinoff.com