Restricted compile/execute mode

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Restricted compile/execute mode
From: Duck <duck@...>
Date: Sun, 28 Oct 2007 10:49:09 +1100 (EST)

Let's say I want to have an .INI-file-style or a Firefox-styleconfiguration file, with a list of setting, e.g. like this:


server.name = "example.org"
server.settings.port = 45
server.settings.timeout = 9
server.settings.softfruit = "mango"
. . .

I'd much rather simply allow the config file to be written in Lua, perhapslike this:


server = {
   name = "example.org"
   settings = { port = 45, timeout = 9, softfruit = "mango" }
}

not least because it save me doing the parsing, and maps directly andclearly onto the final internal representation of the config data.

Is there an easy way to restrict the behaviour of the configuration code?For example, so that only code which initialises tables, numbers andstrings will be compiled? (E.g. to stop functions being defined andinvoked during configuration.) And so that only new tables can be assignedinto? (E.g. to stop configuration trouble such as "io.stdout = 7".)

A token filter seems like a possible (but vulnerability-prone) way to go;some sort of stripped down Lua state might be another.


Any pointers or example code?

Follow-Ups:
- Re: Restricted compile/execute mode, David Given
- Re: Restricted compile/execute mode, Luiz Henrique de Figueiredo

Prev by Date: Re: Second class nil? Strong and weak nils in tables?
Next by Date: Re: Second class nil? Strong and weak nils in tables?
Previous by thread: Re: Newbie module require problem
Next by thread: Re: Restricted compile/execute mode
Index(es):
- Date
- Thread