[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Lua hits OSDI 2010
- From: Peter Cawley <lua@...>
- Date: Wed, 6 Oct 2010 19:28:49 +0100
On Wed, Oct 6, 2010 at 1:54 PM, Luiz Henrique de Figueiredo
<lhf@tecgraf.puc-rio.br> wrote:
>> but Lua was more or less at the center of one of the talks given today
>> at the tech session in the OSDI 2010 conference.
>
> Very nice. Thanks for letting us know.
>
> The paper says:
>
> "Lua compiles to simple bytecode, which makes it relatively easy to sandbox."
>
> Tell that to Peter Cawley, aka Corsix :-)
Indeed. If they're using Lua 5.1, and have:
1) The load or loadstring functions from the base library, allowed to
load bytecode.
2) A nice complex function like table.concat (which it sounds like they do).
3) Optionally a few interesting functions like [sg]etmetatable and/or
[sg]etfenv from the base library.
Then I think I could make a hole in their sandbox.