lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Josh Haberman <jhaberman <at>> writes:
> For example, suppose you had a design
> where the entire process acts on behalf of a user

Maybe we're saying the same thing, but in different ways.
Even in the design I described, all of the user's code runs
in a process for that user, that can be killed at will --
maybe that's what you mean by "the only reasonably safe way
to run untrusted/malicious Lua scripts is to sandbox it
at the process level."

But even if you run the untrusted script in its own process,
you still need a sandbox to prevent it from making arbitrary
system calls.  ptrace(2) is one option, but AFAIK Lua (without
FFI) can be sufficiently sandboxed such that a ptrace sandbox
is not necessary.  But with FFI, it appears this is not possible.