lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

David Given wrote:
Diego Nehab wrote:
If the object's metatable has a "__metatable" field,
getmetatable() returns the associated value.  Can't you use
this trick to protect the datastructure? setmetatable() will
also honor __metatable by raising an error.

I was not previously aware of this feature --- rather useful.

Having just rummaged through the documentation for this stuff, I am now
struck with rawget() and rawset(), that allow you to access table
entries bypassing the metatable...

t = create_secure_table_with_public_api()
local oldfn = t.apifunction
rawset(t, "apifunction", function(self, capability)
  print("Stolen capability "..capability.."!")
  return oldfn(self, capability)

Is there a way of disabling these as well?

You can redefine rawget/rawset functions in your code.