- Subject: Re: sandboxing turns into pain in the ...
- From: David Given <dg@...>
- Date: Tue, 07 Mar 2006 10:31:57 +0000
mr. Aleph wrote:
> I worshipped the design of Lua. Today I hate it (at least this `environment'
> vs `global' problem).
> I'm ready to listen to all your thoughts.
I'm going to run into this for a project I'm working on, and the
solution is straightforward; don't try to sandbox everything, but
instead write interface wrappers that run inside the sandbox but have
special conduits to the outside world (upvalues are the safest way).
They can do any additional verification that needs to be done.
sandbox.io.open = function(filename, mode)
    -- io.open resolves in the wrapper's own (host) environment, not in the
    -- sandbox; the sandboxed code only ever sees this wrapper
    if (mode ~= "") and (mode ~= "r") then
        error("only read-only files are allowed")
    end
    return io.open(filename, mode)
end
require() and module() are more complicated, because they have quite a
lot of public state, and the results are simple tables which the
sandboxed code can see and modify --- you don't want your sandbox to
change your global modules. I suspect the only real approach here is to
replace them with pure-Lua versions that load the modules into the
sandbox itself. Unpleasant and costly in terms of memory, but there you go.
As for trying to sandbox CFunctions --- well, there's no way that's
going to work. So don't. Rearrange your problem to make it easier to
solve; what are you actually trying to achieve?
+- David Given --McQ-+
| email@example.com | "Those that repeat truisms, are also forced to
| (firstname.lastname@example.org) | repeat them." --- Anonymous from Slashdot
+- www.cowlark.com --+
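The approach described in the post, worked into a runnable sketch as an added example (not code from the post or from Lua itself): the wrappers hold the real io.open and loadfile as upvalues, the sandbox's own require() loads modules into the sandbox table instead of the host's package.loaded, and Lua 5.1 (setfenv) or 5.2+ is assumed; the "sandbox_modules/" directory and "untrusted.lua" are placeholder names.

```lua
-- Constructed example (not the post's code): a sandbox whose io.open wrapper
-- reaches the host only through upvalues, plus a pure-Lua require() that
-- loads modules into the sandbox instead of the host's package.loaded.
-- Assumes Lua 5.1 (setfenv) or 5.2+; "sandbox_modules/" is a placeholder.
local real_open     = io.open    -- upvalue conduits: the only references to the
local real_loadfile = loadfile   -- host that code inside the sandbox can reach

local sandbox = {}               -- becomes _G for the untrusted chunk
sandbox.print, sandbox.pairs, sandbox.tostring = print, pairs, tostring
sandbox.string = { format = string.format, sub = string.sub }

sandbox.io = {
  open = function(filename, mode)
    mode = mode or "r"                       -- io.open defaults to "r"
    if mode ~= "r" and mode ~= "rb" then
      error("only read-only files are allowed", 2)
    end
    if filename:find("..", 1, true) or filename:sub(1, 1) == "/" then
      error("only relative paths without '..' are allowed", 2)
    end
    return real_open(filename, mode)
  end,
}

-- Load a text chunk with `sandbox` as its global environment.
local function load_sandboxed(path)
  if setfenv then                            -- Lua 5.1
    local fn, err = real_loadfile(path)
    if fn then setfenv(fn, sandbox) end
    return fn, err
  end
  return real_loadfile(path, "t", sandbox)   -- Lua 5.2+
end

-- Pure-Lua require(): the cache lives inside the sandbox, so a module can
-- neither read nor modify the host's package.loaded; module() is omitted.
local loaded = {}
sandbox.require = function(name)
  if loaded[name] ~= nil then return loaded[name] end
  if not name:match("^[%w_]+$") then error("bad module name: " .. name, 2) end
  local fn, err = load_sandboxed("sandbox_modules/" .. name .. ".lua")
  if not fn then error(err, 2) end
  loaded[name] = fn(name)
  if loaded[name] == nil then loaded[name] = true end
  return loaded[name]
end
sandbox.package = { loaded = loaded }

local script = assert(load_sandboxed("untrusted.lua"))  -- the untrusted file
script()
```

Each sandbox instance gets its own `loaded` table, so modules are loaded once per sandbox rather than shared with the host, which is the memory cost the post mentions.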