Re: LuaJIT FFI __gc metamethod?

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: LuaJIT FFI __gc metamethod?
From: Josh Haberman <jhaberman@...>
Date: Mon, 28 Feb 2011 22:24:03 +0000 (UTC)

Josh Haberman <jhaberman <at> gmail.com> writes:
> For example, suppose you had a design
> where the entire process acts on behalf of a user

Maybe we're saying the same thing, but in different ways.
Even in the design I described, all of the user's code runs
in a process for that user, that can be killed at will --
maybe that's what you mean by "the only reasonably safe way
to run untrusted/malicious Lua scripts is to sandbox it
at the process level."

But even if you run the untrusted script in its own process,
you still need a sandbox to prevent it from making arbitrary
system calls.  ptrace(2) is one option, but AFAIK Lua (without
FFI) can be sufficiently sandboxed such that a ptrace sandbox
is not necessary.  But with FFI, it appears this is not possible.

Josh

Follow-Ups:
- Re: LuaJIT FFI __gc metamethod?, Mike Pall

References:
- LuaJIT FFI __gc metamethod?, Josh Haberman
- Re: LuaJIT FFI __gc metamethod?, Mike Pall
- Re: LuaJIT FFI __gc metamethod?, Josh Haberman
- Re: LuaJIT FFI __gc metamethod?, Mike Pall
- Re: LuaJIT FFI __gc metamethod?, Josh Haberman
- Re: LuaJIT FFI __gc metamethod?, Mike Pall
- Re: LuaJIT FFI __gc metamethod?, Josh Haberman

Prev by Date: Re: Public APIs and documentation (was: Re: LuaJIT FFI __gc metamethod?)
Next by Date: Re: Relative imports
Previous by thread: Re: LuaJIT FFI __gc metamethod?
Next by thread: Re: LuaJIT FFI __gc metamethod?
Index(es):
- Date
- Thread