Re: [ANN] Lua C(omplete) Sandbox

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: [ANN] Lua C(omplete) Sandbox
From: Peter Cawley <lua@...>
Date: Sat, 23 May 2009 15:02:10 +0100

Then the sandbox should contain a modified string.find function which
invokes its own debug hook (or similar).

On Sat, May 23, 2009 at 2:59 PM, Patrick Donnelly <batrick@batbytes.com> wrote:
> On Sat, May 23, 2009 at 7:54 AM, Peter Cawley <lua@corsix.org> wrote:
>> On Sat, May 23, 2009 at 3:25 AM, Patrick Donnelly <batrick@batbytes.com> wrote:
>>> in the event of sandbox state corruption (e.g. infinite loop)
>>
>> In my opinion, a sandbox should not allow an infinite loop in the
>> first place. The sandbox container should impose a limit on the
>> maximum execution time of the script (with a debug instruction hook or
>> similar) and abort the script when said limit expires (i.e. by
>> throwing an error which is not catchable by the script itself).
>
> Debug instruction hooks will not save you if the user were to create
> an infinite loop in a C function such as string.find:
>
> string.find(("a"):rep(1e4), ".-.-.-.-b$")
>
> --
> -Patrick Donnelly
>
> "Let all men know thee, but no man know thee thoroughly: Men freely
> ford that see the shallows."
>
> - Benjamin Franklin
>

Follow-Ups:
- Re: [ANN] Lua C(omplete) Sandbox, Patrick Donnelly

References:
- [ANN] Lua C(omplete) Sandbox, Patrick Donnelly
- Re: [ANN] Lua C(omplete) Sandbox, Peter Cawley
- Re: [ANN] Lua C(omplete) Sandbox, Patrick Donnelly

Prev by Date: Re: [ANN] Lua C(omplete) Sandbox
Next by Date: Re: [ANN] Lua C(omplete) Sandbox
Previous by thread: Re: [ANN] Lua C(omplete) Sandbox
Next by thread: Re: [ANN] Lua C(omplete) Sandbox
Index(es):
- Date
- Thread