Re: sandboxing security, lua bytecode, metatables and string library

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: sandboxing security, lua bytecode, metatables and string library
From: Mildred <ml.mildred593@...>
Date: Fri, 23 Feb 2007 04:39:57 +0100

I just think it is the same problem with function environments. If lua
bytecode can access function environments, then it have access to
string.gsub environment that is the global environemnt.
That's even worse. Direct access to dangerous functions.

has the bytecode access to those metadata (metatable and environment) ?
if so, is there any way to secure a sandbox ?

Well, you can forbid bytecode (for example I'm thinking of adding extra
spaces in the loaded file) but that means you can't provide functions
like load() or so.

Mildred

-- 
Mildred       <xmpp:mildred@jabber.fr> <http://mildred632.free.fr/>
Clef GPG :    <hkp://pgp.mit.edu> ou <http://mildred632.free.fr/gpg_key>
Fingerprint : 197C A7E6 645B 4299 6D37 684B 6F9D A8D6 [9A7D 2E2B]

Follow-Ups:
- Re: sandboxing security, lua bytecode, metatables and string library, Rici Lake

References:
- sandboxing security, lua bytecode, metatables and string library, Mildred

Prev by Date: sandboxing security, lua bytecode, metatables and string library
Next by Date: Re: Ten years of lua-l
Previous by thread: sandboxing security, lua bytecode, metatables and string library
Next by thread: Re: sandboxing security, lua bytecode, metatables and string library
Index(es):
- Date
- Thread