mr. Aleph wrote:
[...]
>  I worshiped design of Lua. Today I hate it (at least this `environment'
> vs `global' problem).
>  I'm ready to listen all your thoughts.

I'm going to run into this for a project I'm working on, and the
solution is straightforward; don't try to sandbox everything, but
instead write interface wrappers that run inside the sandbox but have
special conduits to the outside world (upvalues are the safest way).
They can do any additional verification that needs to be done.

For example:

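local real_open = io.open  -- upvalue: the conduit to the outside world
sandbox.io.open = function(filename, mode)
	-- io.open treats a missing mode as "r"; do the same here
	if (mode == nil) or (mode == "") then
		mode = "r"
	end
	if mode ~= "r" then
		error("only read-only files are allowed")
	end
	return real_open(filename, mode)
end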

require() and module() are more complicated, because they have quite a
lot of public state, and the results are simple tables which the
sandboxed code can see and modify --- you don't want your sandbox to
change your global modules. I suspect the only real approach here is to
replace them with pure-Lua versions that load the modules into the
sandbox itself. Unpleasant and costly in terms of memory, but there you go.

As for trying to sandbox CFunctions --- well, there's no way that's
going to work. So don't. Rearrange your problem to make it easier to
solve; what are you actually trying to achieve?

--
+- David Given --McQ-+
|  dg@cowlark.com    | "Those that repeat truisms, are also forced to
| (dg@tao-group.com) | repeat them." --- Anonymous from Slashdot
+- www.cowlark.com --+
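
The per-sandbox require() suggested in the message above, as an added example (not code from the original post): modules are compiled from host-supplied source into the sandbox's own environment and cached in a private table, so a sandbox cannot modify the host's or another sandbox's modules. new_sandbox, load_in_env and the sources table are hypothetical names, and the module source is constructed.

```lua
local real_open = io.open  -- host functions are reached only through upvalues

-- Compile source text with `env` as its globals (Lua 5.1 and 5.2+).
local function load_in_env(src, chunkname, env)
  if src:sub(1, 1) == "\27" then  -- Lua 5.1 loadstring would accept bytecode
    return nil, "precompiled chunks are refused"
  end
  if setfenv then  -- Lua 5.1
    local f, err = loadstring(src, chunkname)
    if not f then return nil, err end
    return setfenv(f, env)
  end
  return load(src, chunkname, "t", env)  -- Lua 5.2+
end

-- Assumption: `sources` maps module name -> Lua source text chosen by the
-- host; nothing is searched for on disk and package.loaded is never touched.
local function new_sandbox(sources)
  local loaded = {}  -- private replacement for package.loaded
  local env = { pairs = pairs, ipairs = ipairs, type = type,
                tostring = tostring, error = error }
  env.io = {
    open = function(filename, mode)
      if mode == nil or mode == "" then mode = "r" end
      if mode ~= "r" then error("only read-only files are allowed", 2) end
      return real_open(filename, mode)
    end,
  }
  env.require = function(name)
    if loaded[name] ~= nil then return loaded[name] end
    local src = sources[name]
    if type(src) ~= "string" then
      error("module '" .. tostring(name) .. "' is not available", 2)
    end
    local chunk, err = load_in_env(src, "=" .. name, env)
    if not chunk then error(err, 2) end
    local result = chunk(name)
    if result == nil then result = true end  -- same convention as require()
    loaded[name] = result
    return result
  end
  return env
end

-- Constructed demo: two sandboxes each get their own copy of module "cfg".
local sources = { cfg = "return { level = 1 }" }
local a, b = new_sandbox(sources), new_sandbox(sources)
a.require("cfg").level = 99                  -- sandbox A tampers with its copy
assert(a.require("cfg").level == 99)         -- cached per sandbox
assert(b.require("cfg").level == 1)          -- sandbox B is unaffected
assert(not pcall(a.io.open, "/tmp/x", "w"))  -- write mode is refused
```

Each sandbox holds its own copy of every module it loads, which is the memory cost the message mentions.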