Re: Secure tables in Lua: Summary

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Secure tables in Lua: Summary
From: Michal Kolodziejczyk <miko@...>
Date: Tue, 15 Jul 2008 17:28:38 +0200

David Given wrote:

Diego Nehab wrote:
[...]

If the object's metatable has a "__metatable" field,
getmetatable() returns the associated value.  Can't you use
this trick to protect the datastructure? setmetatable() will
also honor __metatable by raising an error.


I was not previously aware of this feature --- rather useful.

Having just rummaged through the documentation for this stuff, I am now
struck with rawget() and rawset(), that allow you to access table
entries bypassing the metatable...

t = create_secure_table_with_public_api()
local oldfn = t.apifunction
rawset(t, "apifunction", function(self, capability)
  print("Stolen capability "..capability.."!")
  return oldfn(self, capability)
end

Is there a way of disabling these as well?


You can redefine rawget/rawset functions in your code.

Regards,
	miko

References:
- Secure tables in Lua: Summary, Dr. Markus Walther
- Re: Secure tables in Lua: Summary, David Given
- Re: Secure tables in Lua: Summary, Diego Nehab
- Re: Secure tables in Lua: Summary, David Given

Prev by Date: Re: [ANN] patch-lua-5.1.3
Next by Date: Re: Does LUA_ENVIRONINDEX make LUA_GLOBALSINDEX obsolete?
Previous by thread: Re: Secure tables in Lua: Summary
Next by thread: LuaInterface version that works with LuaBinaries?
Index(es):
- Date
- Thread