Making a secure sandbox containing getfenv()

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Making a secure sandbox containing getfenv()
From: "Patrick Donnelly" <batrick.donnelly@...>
Date: Fri, 9 Nov 2007 19:56:18 -0700

Hi,

I'm trying to make a sandbox that will contain getfenv. Unfortunately
this function can be used to gain access to the global environment
pretty easily (where things like the io library and os library would
be found). I'm not sure how I should add this function (along with
many other core lua functions) to the sandbox without running risks of
someone being able to access the global environment. Does anyone have
any methods for going about this? I don't want to remove anything from
the global environment.

Some things I've thought of is add all the Lua functions I want in
wrapper functions. This seems arduous and inelegant though.

-- 
-Patrick Donnelly

"One of the lessons of history is that nothing is often a good thing
to do and always a clever thing to say."

-Will Durant

Follow-Ups:
- Re: Making a secure sandbox containing getfenv(), David Manura

Prev by Date: Re: [ANN] Clue release 2
Next by Date: Re: Making a secure sandbox containing getfenv()
Previous by thread: Re: Library for multipart/form-data encoding in Lua?
Next by thread: Re: Making a secure sandbox containing getfenv()
Index(es):
- Date
- Thread