[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Lua 5.2 beta: default module path incompatibility
- From: liam mail <liam.list@...>
- Date: Thu, 22 Sep 2011 09:14:48 +0100
On 22 September 2011 01:39, David Manura <dm.lua@math2.org> wrote:
> On Tue, Sep 20, 2011 at 7:26 AM, liam mail <liam.list@googlemail.com> wrote:
>> On 20 September 2011 12:04, Dirk Laurie <dpl@sun.ac.za> wrote:
>>> The default set in luaconf.h for both package.path and package.cpath
>>> in Lua 5.2.0 beta puts the present working directory last, whereas in
>>> Lua 5.1.4 it was put first.[...]
>>> It is difficult to understand why this change has been made. It causes
>>> any application distributed with customized versions of packages that
>>> happen to installed system-wide to break unless the application explicitly
>>> sets the path.
>
> Arguments for the new behavior were raised in [1,2].
>
> Note that the path "./?.lua" is relative to the current directory, but
> you'd probably rather search relative to the Lua executable (i.e. "!"
> style LUA_PATH in Windows / LuaDist setprogdir [3]) or relative to the
> current script [4-8]. Perl's FindBin and "use lib" [9] do this well,
> and I've contemplated writing the analogue of both modules for Lua,
> and submitting it to distributions like LuaForWindows, because the
> need is so common. IMO, "./?.lua" is a hack that introduces some
> modes of failure.
>
> [1] http://lua-users.org/lists/lua-l/2009-07/msg00106.html
> [2] http://lua-users.org/lists/lua-l/2009-05/msg00559.html
>
> [3] https://github.com/LuaDist/lua/blob/master/src/loadlib_rel.c#L68
> [4] http://lua-users.org/lists/lua-l/2011-01/msg00920.html
> [5] http://lua-users.org/lists/lua-l/2010-02/msg00683.html
> [6] http://lua-users.org/lists/lua-l/2011-02/msg01364.html
> [7] http://lua-users.org/lists/lua-l/2006-10/msg00189.html
> [8] http://lua-users.org/lists/lua-l/2003-06/msg00399.html
>
> [9] http://search.cpan.org/~jesse/perl/lib/FindBin.pm
>
>
The only argument there seems to be
"That is, above being a security risk, and not in the
control of the script, but the caller...what am I missing? I have to
parse package.path to remove those entries"
To be honest I do not understand this logic. If you are wanting to
create a sandbox then you have to modify Lua anyway and unless you do
so there is nothing I can see from stopping the caller from
reintroducing dot slash to that start of the search paths.
Liam