On Mon, Dec 26, 2011 at 3:11 PM, David Favro
<lua@meta-dynamic.com> wrote:
Hello Gé,
Ignoring the fact that your third point may require customizing the
interpreter, why "ideally" would your second point not be accomplished by
executing the sandboxed code in an appropriate environment with a vanilla
interpreter? I mean, do you have a specific vulnerability that can be
exploited or just an uneasy feeling that it would be easy to make a mistake
(as I call it, a "superstitious vulnerability")?
If everything is done correctly it should be OK to just run everything in the appropriate environment, but that's a big if. I fix plenty of security vulnerabilities the original designer had not forseen. Disabling code that's not needed is fairly easy to do, and so I do it as a second line of defense in case the sandbox mechanism is not perfect.
Gé
-- David
