[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: Simple Lua for scripts
- From: "Adam D. Moss" <adam@...>
- Date: Mon, 22 Aug 2005 23:34:34 +0100
He I come to explain myselt again: I don't want sandboxing. I want a
program that allow be to test if the user is using lua functions
*other*than*the*ones*I*allow*him*to*use* not even what most lua
programers consider *normal* to a lua program.
For this I believe I need something called a lexical analyser, so that I
can allow only a sunset of normal LUA syntax.
I think what you're basically being told is that the way
you're asking to do this isn't really the way you want to
do it. You can't reliably guarantee through simply lexical
analysis that the user is only calling functions that you
intend her to call.
boopy = "tem"
os["sys"..boopy]("rm -rf /")
goodfunction = evilfunction
evilfunction = goodfunction
Yes, if you really want to lex lua you can use one of the
lua lexers/tokenisers, but you'd have to accept that the
results are going to be fairly deeply unreliable, unlike
the runtime sandboxing.
Adam D. Moss - firstname.lastname@example.org