[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Making a secure sandbox containing getfenv()
- From: "Patrick Donnelly" <batrick.donnelly@...>
- Date: Fri, 9 Nov 2007 19:56:18 -0700
I'm trying to make a sandbox that will contain getfenv. Unfortunately
this function can be used to gain access to the global environment
pretty easily (where things like the io library and os library would
be found). I'm not sure how I should add this function (along with
many other core lua functions) to the sandbox without running risks of
someone being able to access the global environment. Does anyone have
any methods for going about this? I don't want to remove anything from
the global environment.
Some things I've thought of is add all the Lua functions I want in
wrapper functions. This seems arduous and inelegant though.
"One of the lessons of history is that nothing is often a good thing
to do and always a clever thing to say."