[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: Loose sandbox
- From: "Patrick Donnelly" <batrick.donnelly@...>
- Date: Thu, 17 Jul 2008 15:49:01 -0600
I made a sandbox for safe execution in IRC (about as hostile as it
gets). It has worked very well. I don't think it will suit your
purposes but there are many things you could learn from it.
I recommend running user code in a coroutine. This offers many
benefits not least of which you no longer need to worry about
setfenv/getfenv accessing inappropriate function levels. Further, if
you set the environment of their thread (using debug.setfenv), all C
functions will use that environment. Of course, any Lua functions you
add to their sandbox will need to be protected in some way.
"One of the lessons of history is that nothing is often a good thing
to do and always a clever thing to say."