Re: Secure Lua

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Secure Lua
From: David Given <dg@...>
Date: Tue, 22 Nov 2005 00:24:06 +0000

On Tuesday 22 November 2005 00:08, Ashwin Hirschi wrote:
> > * luaopen_debug: Safe?
>
> Eh... well, I'd be careful with this one... For one thing, keep in mind the
> "debug" function will switch to "interactive mode". Unless your game (or
> other host app) has special facilities to deal with this, it's most likely
> not something you want to expose to end users.

Plus, the debug library can do wacky things with local variables, upvalues and 
function call stacks, which basically allow you to do a complete end run 
around all the sandboxing everyone else is discussing... not fun!

-- 
+- David Given --McQ-+ 
|  dg@cowlark.com    | "The README of fate is a complex program indeed."
| (dg@tao-group.com) | --- Reboot
+- www.cowlark.com --+

Attachment: pgppZdygNBlv5.pgp
Description: PGP signature

Follow-Ups:
- Re: Secure Lua, Ben Sunshine-Hill
- RE: Secure Lua, Erik Cassel

References:
- Secure Lua, Erik Cassel
- Re: Secure Lua, Ashwin Hirschi

Prev by Date: Re: Secure Lua
Next by Date: RE: Help with Lua Threads/Coroutines/(or something)
Previous by thread: Re: Secure Lua
Next by thread: Re: Secure Lua
Index(es):
- Date
- Thread