Re: Loose sandbox

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Loose sandbox
From: Luiz Henrique de Figueiredo <lhf@...>
Date: Fri, 18 Jul 2008 08:09:23 -0300

> I am writing a program where an external user script is loaded and
> executed. Therefore it is AFAIK good practice to implement a sandbox which
> restricts the user to use only a certain set of functions. Still I would
> like to enable the user to use most of Lua's functions and restrict only
> those functions which would enable the user to break the sandbox and e.g.
> access _G.

Here's what is done in http://www.lua.org/cgi-bin/demo :

local E=debug.getregistry()
E._LOADED={}
E._LOADLIB=nil
E=nil
arg=nil
debug.debug=nil
debug.getregistry=nil
dofile=nil
io={write=io.write}
loadfile=nil
os.execute=nil
os.getenv=nil
os.remove=nil
os.rename=nil
os.tmpname=nil
package=nil
require=nil

References:
- Loose sandbox, Michael Gerbracht

Prev by Date: Re: Extract a list of keys from table
Next by Date: Re: Extract a list of keys from table
Previous by thread: Re: Loose sandbox
Next by thread: Extending the io library
Index(es):
- Date
- Thread