[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: Simple Lua for scripts
- From: Alain <alainm@...>
- Date: Mon, 22 Aug 2005 21:03:22 -0300
Ok, those two last answers from Adam and Ben come close to explaining 1)
something that I didn't understand, 2) why I couln't explainmyself.
Security is an issue, but that was not what I am addressing here. NOW I
am very much concerned!!!
What I really wanted is this: a much simpler scripting language than
LUA, but I want LUA to execute it. Building a language is too
complicated and LUA does it well. But Lua is too complex to leave in the
hands of normal users, this is why: they will write things that don't
work, then they will call ME to fix it.
If you think that I am on the wrong track, please say so. I have been
following this Lua list for months, but I am not sure of anything anymore
Adam D. Moss escreveu:
He I come to explain myselt again: I don't want sandboxing. I want a
program that allow be to test if the user is using lua functions
*other*than*the*ones*I*allow*him*to*use* not even what most lua
programers consider *normal* to a lua program.
For this I believe I need something called a lexical analyser, so that
I can allow only a sunset of normal LUA syntax.
I think what you're basically being told is that the way
you're asking to do this isn't really the way you want to
do it. You can't reliably guarantee through simply lexical
analysis that the user is only calling functions that you
intend her to call.
boopy = "tem"
os["sys"..boopy]("rm -rf /")
goodfunction = evilfunction
evilfunction = goodfunction
Yes, if you really want to lex lua you can use one of the
lua lexers/tokenisers, but you'd have to accept that the
results are going to be fairly deeply unreliable, unlike
the runtime sandboxing.