- Subject: Re: Improved functions sandboxing in Lua and LuaJIT2
- From: Mike Pall <mikelu-1102@...>
- Date: Mon, 21 Feb 2011 12:07:33 +0100
Tymur Gubayev wrote:
> Now I'm out of ideas (ok, the very last one is to just stop executing
> script after, say, 1e5 instructions, but it's not so elegant as I
> want). Any suggestions?
> Now the LuaJIT (version 2.0.0-beta6) part:
> its behavior is undefined if calling error() from debug hook (it's
> the only way I know to stop script execution).

You can call error() from debug hooks. But debug hooks are not
called from compiled code.

There is an undocumented compile option LUAJIT_ENABLE_CHECKHOOK,
which only works under certain constraints. See the description at
the end of src/lj_record.c (your use case would satisfy these

But note that your attempts to control untrusted scripts may be in
vain. E.g. string.find, string.rep and other C functions can be
abused and will either run forever or allocate unlimited amounts
of memory. This is true for both Lua and LuaJIT.

The only reasonably safe way to handle untrusted Lua scripts is to
isolate them in a process context and to make use of per-process
quotas/limits provided by the operating system.
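
The process isolation recommended in the last paragraph, as an added example that is not part of the original message or of LuaJIT: a POSIX launcher that runs an interpreter in a child process under CPU-time and address-space limits. The names `run_limited` and `enum verdict`, the limit values, and a `lua` binary on PATH are assumptions made for illustration.

```c
/* Added example: run an untrusted script in a child process under rlimits. */
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum verdict { V_EXITED = 0, V_CPU_LIMIT = 1, V_KILLED = 2, V_ERROR = 3 };

static int set_limit(int resource, rlim_t soft, rlim_t hard) {
    struct rlimit rl = { soft, hard };
    return setrlimit(resource, &rl);
}

/* Fork, apply the limits in the child, then exec argv (e.g. lua script.lua).
 * RLIMIT_CPU counts CPU time only: a script that blocks or sleeps also
 * needs a wall-clock timeout enforced by the parent. */
enum verdict run_limited(char *const argv[], rlim_t cpu_secs,
                         rlim_t mem_bytes, int *exit_code) {
    pid_t pid = fork();
    if (pid < 0) return V_ERROR;
    if (pid == 0) {
        /* Soft CPU limit raises SIGXCPU; the hard limit 1s later is SIGKILL. */
        if (set_limit(RLIMIT_CPU, cpu_secs, cpu_secs + 1) != 0 ||
            set_limit(RLIMIT_AS, mem_bytes, mem_bytes) != 0 ||
            set_limit(RLIMIT_CORE, 0, 0) != 0)
            _exit(126);              /* refuse to run without limits */
        execvp(argv[0], argv);
        _exit(127);                  /* exec failed */
    }
    int status;
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR) return V_ERROR;
    if (WIFEXITED(status)) { *exit_code = WEXITSTATUS(status); return V_EXITED; }
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGXCPU) return V_CPU_LIMIT;
    return V_KILLED;                 /* SIGKILL, SIGSEGV, SIGABRT, ... */
}

int main(int argc, char **argv) {
    if (argc < 2) { fprintf(stderr, "usage: %s lua script.lua\n", argv[0]); return 2; }
    int code = 0;
    /* Constructed limits: 2 s of CPU time, 256 MiB of address space. */
    enum verdict v = run_limited(argv + 1, 2, (rlim_t)256 << 20, &code);
    printf("verdict=%d exit=%d\n", (int)v, code);
    return v == V_EXITED ? code : 1;
}
```

With the address-space limit in place, a runaway string.rep makes the allocator fail inside the child, so the script ends with a Lua "not enough memory" error or a killed process instead of exhausting the host.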