lua-l archive



David Given wrote:
> However, security issues are much harder. Lua basically 
> doesn't do security.
> It's possible to very easily set up sandboxes where you can 
> deny access to, say, loadfile() and require(), but ensuring 
> that you haven't accidentally left holes in your sandbox that 
> allow privileged escalation is infeasibly hard. So you can 
> make it *difficult* for your programmers to break things, but 
> it's very hard to make it *impossible*. Frankly, if your 
> programmers aren't going to be actively malicious, I'd be 
> inclined not to bother --- if you enforce decent coding 
> standards and bite people's heads off if they access things 
> they shouldn't, they should get the message.

I don't agree with your statement that it's impossible to make a Lua
state completely secure. If your users have only the ability to load
Lua code, you can execute their code in a sandbox, where each access to
globals goes through proxies which ensure you're not trying to do
malicious things. This means you can even allow access to most of the
basic Lua API. You can even prevent your user scripts from entering
infinite loops by adding instruction count hooks. Overall I think
ensuring total security in Lua is easy.

I'd be happy to provide code examples if you can give me a situation
that seems problematic.
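The sandbox this reply describes, written out as an added example (not code posted by either participant): globals are served through a whitelisting proxy and a count hook aborts runaway scripts. It assumes Lua 5.2 or later (`load` with an explicit environment); the helper names `make_env` and `run_sandboxed` are my own.

```lua
-- Build a fresh environment table whose globals resolve through a proxy.
-- Only the whitelisted names are reachable; io, os, debug, package and the
-- loaders (load, loadfile, dofile, require) are absent, and pcall is left
-- out so a script cannot swallow the hook's error and keep running.
local function make_env()
  local allowed = {
    print = print, tostring = tostring, tonumber = tonumber,
    pairs = pairs, ipairs = ipairs, type = type, select = select,
    string = { format = string.format, sub = string.sub, len = string.len,
               upper = string.upper, lower = string.lower },
    table  = { insert = table.insert, concat = table.concat },
    math   = { floor = math.floor, max = math.max, min = math.min, abs = math.abs },
  }
  return setmetatable({}, {
    __index = function(_, key)
      local value = allowed[key]
      if value == nil then
        error("access to global '" .. tostring(key) .. "' denied", 2)
      end
      return value
    end,
    -- Scripts may still create their own globals; they land in this
    -- private table and never touch the real global environment.
  })
end

-- Compile and run untrusted source with an instruction budget.
-- Mode "t" rejects precompiled bytecode, which could otherwise bypass
-- the environment. The count hook fires every `step` VM instructions
-- and raises an error once the budget is spent.
local function run_sandboxed(source, max_instructions)
  local chunk, err = load(source, "=user", "t", make_env())
  if not chunk then return nil, "compile error: " .. err end
  local step, ticks = 1000, 0
  local budget = math.ceil(max_instructions / step)
  debug.sethook(function()
    ticks = ticks + 1
    if ticks > budget then error("instruction budget exceeded", 2) end
  end, "", step)
  local ok, result = pcall(chunk)
  debug.sethook()                       -- always clear the hook afterwards
  if not ok then return nil, tostring(result) end
  return true, result
end

-- Constructed sample inputs: an honest script, an escape attempt, a hang.
print(run_sandboxed("return 1 + 2", 100000))
print(run_sandboxed("return os.getenv('HOME')", 100000))
print(run_sandboxed("while true do end", 100000))
```

Two gaps remain even with this in place: string methods reached via the string metatable (`("x"):rep(n)`) are not filtered by the environment proxy, and the hook bounds instructions, not memory, so a length or allocation limit needs separate handling.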