lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


So, I'm trying to sandbox a thread and I think I'm overestimating the
ability of lua_setfenv(, [thread index]) to circumvent the lexical
closure characteristics of Lua.

Basically, what I _want_ is to create a process global Lua instance,
against which I register all my C functions.

Then, for each client (this is a server application), I want to create a
sandboxed thread--chain the new env table to the old using the __index
metatable trick--from which I will execute some Lua code.

However, the only way that I can get the Lua code to see the sandboxed
environment and not the main global environment is to actually load the
code within the sandboxed thread. I had thought that Lua 5.1 would allow
me to load the code, which when I call into the defined functions from
the new thread those functions would see the sandboxed environment.

Was I mistaken? Is it necessary to load the code (via loadstring or
loadfile) only after creating and sandboxing the thread? I even tried
loading the chunk in the main thread and calling into the chunk from the
client thread, but that didn't help either.

TIA,

Bill

-- 
William Ahern <wahern@barracudanetworks.com>


--------------------------------------------------
This message was scanned for Spam, Spyware and Viruses
For more information, please visit:
http://www.barracudanetworks.com