lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


On Sat, May 23, 2009 at 7:54 AM, Peter Cawley <lua@corsix.org> wrote:
> On Sat, May 23, 2009 at 3:25 AM, Patrick Donnelly <batrick@batbytes.com> wrote:
>> in the event of sandbox state corruption (e.g. infinite loop)
>
> In my opinion, a sandbox should not allow an infinite loop in the
> first place. The sandbox container should impose a limit on the
> maximum execution time of the script (with a debug instruction hook or
> similar) and abort the script when said limit expires (i.e. by
> throwing an error which is not catchable by the script itself).

Debug instruction hooks will not save you if the user were to create
an infinite loop in a C function such as string.find:

string.find(("a"):rep(1e4), ".-.-.-.-b$")

-- 
-Patrick Donnelly

"Let all men know thee, but no man know thee thoroughly: Men freely
ford that see the shallows."

- Benjamin Franklin