Re: Improved functions sandboxing in Lua and LuaJIT2

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Improved functions sandboxing in Lua and LuaJIT2
From: Mike Pall <mikelu-1102@...>
Date: Mon, 21 Feb 2011 12:07:33 +0100

Tymur Gubayev wrote:
> Now I'm out of ideas (ok, the very last one is to just stop executing
> script after, say, 1e5 instructions, but it's not so elegant as I
> want). Any suggestions?

http://lua-users.org/lists/lua-l/2006-06/msg00133.html

> Now the LuaJIT (version 2.0.0-beta6) part:
> 
>   it's behavior is undefined if calling error() from debug hook (it's
> the only way i know to stop scripts execution).

You can call error() from debug hooks. But debug hooks are not
called from compiled code.

There is an undocumented compile option LUAJIT_ENABLE_CHECKHOOK,
which only works under certain constraints. See the description at
the end of src/lj_record.c (your use case would satisfy these
constraints).

But note that your attempts to control untrusted scripts may be in
vain. E.g. string.find, string.rep and other C functions can be
abused and will either run forever or allocate unlimited amounts
of memory. This is true for both Lua and LuaJIT.

The only reasonably safe way to handle untrusted Lua scripts is to
isolate them in a process context and to make use of per-process
quotas/limits provided by the operating system.

--Mike

References:
- Improved functions sandboxing in Lua and LuaJIT2, Tymur Gubayev

Prev by Date: Re: LuaJIT2 performance for number crunching
Next by Date: Re: LuaJIT2 performance for number crunching
Previous by thread: Improved functions sandboxing in Lua and LuaJIT2
Next by thread: Lpeg recursive patterns, bug ?
Index(es):
- Date
- Thread