Mike Pall <mikelu-1102 <at> mike.de> writes:
> That's not a viable approach for sandboxing. The only reasonably
> safe way to run untrusted/malicious Lua scripts is to sandbox it
> at the process level.

What you are saying applies only to FFI, right?  Without FFI,
can't either Lua or LuaJIT be very tightly sandboxed in-process
with an approach like this?
  http://lua-users.org/wiki/SandBoxes

This might be a reason to maintain both FFI and non-FFI bindings
for C libraries: FFI for speed, non-FFI when robust sandboxing of
untrusted code is required.

If this analysis is sound, I think my FFI bindings will indeed
use the ctype finalizer support you have just added, since the
cdata-wrapping userdata isn't actually any more secure than
giving the user a cdata directly, from a sandboxing perspective
(it's just a little bit more obscure).

Josh
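The in-process approach Josh refers to, written out as an added example (this is not code from Josh's message, from Mike Pall, or from the lua-users SandBoxes wiki page): the untrusted chunk runs under a whitelist environment in the style of that wiki page, with a CPU budget enforced by an instruction-count hook. It assumes the Lua 5.1 / LuaJIT API (`loadstring`, `setfenv`, `debug.sethook`); the function names `make_env` and `run_sandboxed` and the chunk name `=guest` are this example's own.

```lua
-- Added example: minimal in-process sandbox for Lua 5.1 / LuaJIT.
-- The guest code only sees the explicit whitelist below. Nothing that
-- reaches the host (ffi, os, io, debug, require, package, load*, rawset,
-- getmetatable/setmetatable) is placed in the environment.

local function make_env()
  -- Copy the safe library subsets instead of aliasing the real tables,
  -- so the guest cannot mutate state shared with the host.
  local function copy(src, keys)
    local out = {}
    for _, k in ipairs(keys) do out[k] = src[k] end
    return out
  end
  return {
    assert = assert, error = error, ipairs = ipairs, next = next,
    pairs = pairs, pcall = pcall, select = select, tonumber = tonumber,
    tostring = tostring, type = type, unpack = unpack,
    math   = copy(math,   {"abs", "ceil", "floor", "max", "min", "sqrt", "huge", "pi"}),
    string = copy(string, {"byte", "char", "find", "format", "len", "lower",
                           "upper", "sub", "gsub", "gmatch", "match"}),
    table  = copy(table,  {"concat", "insert", "remove", "sort"}),
  }
end

-- Run `code` (untrusted Lua source text) with an instruction budget.
-- Returns ok, result_or_error like pcall.
local function run_sandboxed(code, max_instructions)
  -- Accept source text only: precompiled bytecode is not verified by the VM
  -- and must never be loaded from an untrusted party.
  if code:sub(1, 1) == "\27" then
    return false, "bytecode chunks are rejected"
  end
  local fn, err = loadstring(code, "=guest")
  if not fn then return false, err end
  setfenv(fn, make_env())

  -- Count hook as a CPU budget. After the first overflow the hook re-arms
  -- at one instruction, so a guest that catches the error with pcall
  -- cannot make further progress.
  local exceeded = false
  local function hook()
    if not exceeded then
      exceeded = true
      debug.sethook(hook, "", 1)
    end
    error("instruction budget exceeded", 2)
  end
  debug.sethook(hook, "", max_instructions or 1e6)
  local ok, res = pcall(fn)
  debug.sethook()  -- always clear the hook, whether the guest failed or not
  return ok, res
end

-- Host-side usage with constructed guest chunks:
print(run_sandboxed("return string.upper('ok') .. tostring(math.floor(2.7))"))
-- guest cannot see os/io/ffi/debug: indexing a nil global raises an error
print(run_sandboxed("return os.execute('id')"))
-- runaway loop is cut off by the instruction budget
print(run_sandboxed("while true do end", 1e5))
```

Two caveats that bear on Mike Pall's point. Method calls on string values (`("x"):rep(n)`) resolve through the shared string metatable, not through the copied `string` table in the environment, so the whole `string` library stays reachable, and `string.rep` with a large count is a memory-exhaustion path that an instruction budget does not catch. More generally, the hook bounds interpreter instructions only: time and memory spent inside C functions, and any bug in a C binding the guest can reach, are outside the sandbox's control, which is why process-level isolation is still the floor for genuinely hostile input, and why an FFI table must never be reachable from such an environment.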