lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


Hi,

I made a sandbox for safe execution in IRC (about as hostile as it
gets). It has worked very well. I don't think it will suit your
purposes but there are many things you could learn from it.

http://www.unm.edu/~batrick/files/sandbox.lua

I recommend running user code in a coroutine. This offers many
benefits not least of which you no longer need to worry about
setfenv/getfenv accessing inappropriate function levels. Further, if
you set the environment of their thread (using debug.setfenv), all C
functions will use that environment. Of course, any Lua functions you
add to their sandbox will need to be protected in some way.

Good luck,

-- 
-Patrick Donnelly

"One of the lessons of history is that nothing is often a good thing
to do and always a clever thing to say."

-Will Durant