lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]



On Dec 26, 2011, at 2:44 PM, hollyrosella@hushmail.com wrote:

Hi, everyone.  Is lua used in any applications as a sandbox for untrusted code?  I'm trying to justify my own choice of lua for this purpose, so especially cases where people would really like to break out of the sandbox would be nice to know about .

Holly

For the third World of Warcraft expansion, Daniel Stephens and I wrote a fairly rigorous sandbox to allow untrusted code to run with elevated privileges but tightly restricted information (sort of the inverse of a typical sandbox), but most of the same principles should apply. The core of it can be seen at https://github.com/tekkub/wow-ui-source/blob/live/FrameXML/RestrictedExecution.lua, and supporting files are in same directory.

Nevin Flanagan