On 22-Aug-05, at 7:38 PM, Alain wrote:

> I am not sure that sandboxing can help me: I will have one Lua state for each screen, many objects will have scripts that are executed according to screen events and may affect variables global to that screen/Lua-state. This should be protection enough because the sum of those events makes the application. If I sandbox one script, it will not interact with the rest of the screen, at least this is what I understand.

That is one definition of sandbox, but the one that is being used here is a rather simpler one. We're not talking about separating two different environments. We're talking about setting up one environment, which is a protected environment. A sandbox.

There are two easy things you can do:

First, don't load libraries you don't need. Then no-one can use them. If you don't want any os interfaces, or any io, then simply take out the call to luaopen_os. Take out luaopen_debug. Then the functions plain and simply do not exist.

Alternatively, if you want to still let them call os.clock, but you don't want them to call os.system, just execute this code before you run any script:

os.system = nil

Then it's gone. (Or you could edit it out of the luaL_reg structure in the source code, so that it was never there in the first place.)

You can remove an entire library that way:

os = nil

So put down that book on yacc :) and just do it the simple way.
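
The message above removes functions one name at a time. The following is an added example, not part of the original message or of the Lua distribution, that generalizes it to an allow-list run once per Lua state before any script. It assumes Lua 5.1 to 5.4, where package.loaded holds a second reference to each library; the names KEEP, LIBS, LOADERS and harden are hypothetical.

```lua
-- Added example, not from the original post. Assumes Lua 5.1-5.4 and that the
-- host runs this chunk once per Lua state before any screen script.
local KEEP = {            -- allow-list: true keeps a whole library
  string = true, table = true, math = true, coroutine = true,
  os = { clock = true, time = true, date = true, difftime = true },
}
local LIBS = { "os", "io", "debug", "package", "coroutine",
               "string", "table", "math" }
-- Globals that load code or files from inside a script.
local LOADERS = { "dofile", "loadfile", "load", "loadstring",
                  "require", "module" }

local function harden(G)
  -- Lua 5.1+ keeps a second reference to every library in package.loaded.
  local loaded = G.package and G.package.loaded or {}
  for _, lib in ipairs(LIBS) do
    local keep, t = KEEP[lib], G[lib]
    if type(keep) == "table" and type(t) == "table" then
      for name in pairs(t) do          -- clearing fields during pairs is allowed
        if not keep[name] then t[name] = nil end
      end
    elseif not keep then
      G[lib], loaded[lib] = nil, nil   -- drop the global and the cached copy
    end
  end
  for _, name in ipairs(LOADERS) do G[name] = nil end
end

-- The demo compiles its test script from a string, so keep a private
-- reference to the compiler before it is removed from the globals.
local compile = loadstring or load
harden(_G)

-- Constructed script standing in for a screen event handler.
local script = "return type(os.clock()), os.execute, io, debug, require"
local ok, kind, exec, io_lib, dbg, req = pcall(compile(script))
assert(ok and kind == "number", "os.clock should still work")
assert(exec == nil and io_lib == nil and dbg == nil and req == nil)
print("sandbox check passed")
```

Trimming the os table in place also trims the copy in package.loaded, because both names refer to the same table.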