lua-l archive


On 21-Nov-05, at 6:50 PM, Erik Cassel wrote:

Has anybody investigated this further than I have?  Have I missed any
potential exploits?  Any comments, especially regarding the safety of

luaopen_base: Not a problem. Just redefine the functions.

  do
    local _dofile = dofile  -- original, visible only inside this block
    function dofile(filename)
      return _dofile(filename)
    end
  end

At the end of that, the original dofile is simply unavailable. (This may be slightly subject to revision after a complete analysis of the new packaging mechanism, but it certainly works on 5.0.2).

A similar technique would allow you to interpose check_path in all relevant io library functions.
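
The interposition described in this message, extended to loadfile, io.open and io.lines, as an added example that is not part of the original post. The post names check_path but does not define it, so its body and SANDBOX_ROOT here are assumptions.

```lua
-- Added example, not code from the original post.
do
  local SANDBOX_ROOT = "sandbox/"  -- assumption: the only directory scripts may touch

  -- Assumed policy: return a path confined to SANDBOX_ROOT, or raise an error.
  local function check_path(filename)
    if type(filename) ~= "string" or filename == "" then
      -- dofile(nil), loadfile(nil) and io.lines(nil) would read standard input
      error("file name required", 3)
    end
    if string.find(filename, "^[/\\]")             -- absolute path
       or string.find(filename, "^%a:")            -- drive letter
       or string.find(filename, "..", 1, true) then -- parent-directory step
      error("path not allowed: " .. filename, 3)
    end
    return SANDBOX_ROOT .. filename
  end

  -- Replace tbl[name] with a wrapper; the original survives only as an
  -- upvalue of that wrapper and has no name outside this block.
  local function guard(tbl, name)
    local original = tbl[name]
    tbl[name] = function(filename)
      return original(check_path(filename))
    end
  end

  guard(_G, "dofile")
  guard(_G, "loadfile")
  guard(io, "lines")

  -- io.open also takes a mode string, so it gets its own wrapper.
  local _open = io.open
  function io.open(filename, mode)
    return _open(check_path(filename), mode)
  end
end

-- Untrusted code loaded after this point sees only the wrappers.
print(pcall(dofile, "../secret.lua"))   -- rejected by check_path
print(pcall(io.open, "/etc/passwd"))    -- rejected by check_path
print(io.open("notes.txt", "r"))        -- resolved as sandbox/notes.txt
```

io.input and io.output also accept file names and need the same wrapping. Because the originals live on as upvalues, the debug library should not be opened in the sandboxed state.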