- Subject: [ANN] New project: Safe Lua
- From: Stefan Reich <stefan.reich.maker.of.eye@...>
- Date: Tue, 2 Aug 2011 20:30:25 +0200
Hello Lua people!
I am currently realizing some ideas I have had for a long time
regarding fine-grained customizable sandboxes.
I had an earlier research project called "Imaginary Microcomputers"
that explored this (parts of it still online) plus a few other
projects. These projects yielded insights and prototypes; but what
they lacked was the right programming language for the job.
(Noteworthy language candidates included: Assembly, Java, Python, and
"E".)
There are very interesting applications for customizable, light-weight
sandboxes that, to my knowledge, have not been realized anywhere yet.
It all starts with a system that can run untrusted code safely. And
then, optionally, you go on to connect running programs to each other
in a well-defined, restricted way.
I am happy to report that I think I have now finally found a language
that is suitable for implementing this. As you may have guessed by
now: It's Lua :)
Lua seems to provide all the necessary means to create real sandboxes
and extend/modify them the way I want. Even CPU and memory consumption
can be limited which is an important feature that many other candidate
languages I looked at did not provide.
Here's the project homepage: http://safelua.sf.net
I made a first release with a very simple script runner (safelua.lua)
and two examples, downloadable from the project page.
A general note: I don't intend to really "own" this project. I do want
to maintain my own page about it. And maybe maintain some sort of
steering oversight because I have a vision I want to see realized.
Other than that, I really do welcome any and all collaboration here.
And of course, you can always fork the thing if you feel that your
vision is somehow cooler (hotter?) than mine :)
In fact, if a better system exists that suits all my needs, I will be
happy to throw mine away and use that system instead. However, I don't
know of any such system yet.
So, it does look like we're building something new here.
Many components will want to be realized. A language definition for
Safe Lua (quite simple really, it's just Lua with fewer globals and a
bit of a new API). Safe Lua script runners, textual as well as
graphical. Some simple means to combine scripts with each other.
Standard components that take other scripts as input and/or output
(this is where the real power of the approach begins).
As for possible applications, here's a few:
- Safe, portable, mobile agents
- Execution of untrusted code without worries
- Migrating running code from one machine to another with a single click
- Cloning running programs with equally little effort
- Orthogonal or semi-orthogonal persistence
- Logging of each and all activity, including full replayability - live
  or post-mortem
- Self-unpacking data with arbitrary algorithms (procedural compression)
- A complete "Safe Lua OS" could be developed, providing perfect
  portability and much better and easier to handle security than
  traditional OSes
So... well well. As I said before: Contributions, questions or ideas
will be very appreciated. (Don't flame me though... I might flame
back! *grins broadly*)
Best regards to you all,
Stefan Reich
Software enthusiast / Activist of the German revolution
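
The post's two technical claims, a reduced set of globals and limits on CPU and memory, can be sketched in plain Lua. This is an added example, not code from the Safe Lua project or its author; it assumes the reference (PUC-Rio) interpreter, and the names `make_env`, `load_in_env` and `run_untrusted` are hypothetical.

```lua
-- Added illustration, not Safe Lua's code. Assumes the reference (PUC-Rio)
-- Lua interpreter, 5.1 or later; every function name here is hypothetical.
local function copy(t)
  local c = {}
  for k, v in pairs(t) do c[k] = v end
  return c
end

-- A reduced set of globals, as an explicit whitelist: no io, os, debug,
-- require, load*, dofile, getfenv/setfenv. pcall, xpcall and coroutine are
-- left out too: they would let a script swallow the budget error or run
-- code in a thread that has no hook installed.
local function make_env()
  return {
    assert = assert, error = error, ipairs = ipairs, next = next,
    pairs = pairs, select = select, tonumber = tonumber,
    tostring = tostring, type = type,
    math = copy(math), string = copy(string), table = copy(table),
  }
end

local function load_in_env(src, env)
  if src:byte(1) == 27 then return nil, "precompiled chunks are rejected" end
  if setfenv then                           -- Lua 5.1
    local f, err = loadstring(src, "=untrusted")
    if f then setfenv(f, env) end
    return f, err
  end
  return load(src, "=untrusted", "t", env)  -- Lua 5.2 and later
end

local STEP = 1000  -- the hook runs once per STEP VM instructions
local function run_untrusted(src, max_instructions, max_kb)
  local f, err = load_in_env(src, make_env())
  if not f then return false, err end
  local co, used = coroutine.create(f), 0
  -- The hook is set on the script's coroutine only, so it never fires in
  -- host code. Memory is checked coarsely, for the whole Lua state.
  debug.sethook(co, function()
    used = used + STEP
    if used > max_instructions then error("instruction budget exceeded", 0) end
    if collectgarbage("count") > max_kb then error("memory budget exceeded", 0) end
  end, "", STEP)
  return coroutine.resume(co)
end

-- Constructed sample scripts: allowed, blocked global, CPU hog, memory hog.
local samples = { "return 6 * 7", "return os.getenv('HOME')",
  "while true do end", "local t = {} while true do t[#t + 1] = {} end" }
for _, s in ipairs(samples) do print(run_untrusted(s, 1e8, 65536)) end
```

Limits of this sketch: C functions such as `string.rep` or pattern matching run to completion between hook calls, and method calls on string values resolve through the host's string metatable rather than the copied table. A hard memory cap needs a custom allocator passed to `lua_newstate` in the embedding C program.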