lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Duck wrote:
[...]
> Is there an easy way to restrict the behaviour of the configuration
> code? For example, so that only code which initialises tables, numbers
> and strings will be compiled? (E.g. to stop functions being defined and
> invoked during configuration.) And so that only new tables can be
> assigned into? (E.g. to stop configuration trouble such as "io.stdout =
> 7".)

If you simply remove all functions that do useful things for the environment,
then the worst any malicious code can do is to use up CPU or memory, both of
which you can test for and trap. If the users have shell access to the machine
on which this is running, then there's no point trying to lock down too far
anyway --- because they can run any arbitrary code you're basically stuffed is
someone *really* wants to interfere with your application.

However, to actually answer your question: it sounds like your best bet is to
fiddle with the compiler. Removing most of the keywords should do what you
want (it's hard to define functions if you disable the 'function' keyword!).

- --
┌── dg@cowlark.com ─── http://www.cowlark.com ───────────────────
│
│ "There does not now, nor will there ever, exist a programming language in
│ which it is the least bit hard to write bad programs." --- Flon's Axiom
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHI9Msf9E0noFvlzgRAhJWAKDR9//xCjitZy/a9BzN0gV6CHyBvACfVDJK
RO2TPsTu+AqBRjHOZRNcsmU=
=bY9H
-----END PGP SIGNATURE-----