Re: how to restrict lua syntax for files to be loaded

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: how to restrict lua syntax for files to be loaded
From: Egor Skriptunoff <egor.skriptunoff@...>
Date: Mon, 26 Mar 2012 22:12:56 +0100 (BST)

> I want to ask whether it is able to restrict lua

> syntax in files to be loaded to prevent them to contain some malicious
> constructs like "while 1 do end". I know that config should be loaded
> in jail, but is there a way to allow only tables, assignments and
> strings in a file to be loaded as lua script?
> If not then may be it is worth to introduce such functionality?

IMHO, it is worth to introduce "super protected call" function
superpcall(maxCPUTime, maxMBytesOfMemory, f, arg1, ...)
for limiting CPU and memory usage. 
If untrusted code exceeds the limits, VM rollbacks to savepoint
just before superpcall() invocation (i.e. restores all data
as it was before running untrusted code) and returns
false, "Maximum CPU time exceeded"
or
false, "Memory limit exceeded"

--Egor

Follow-Ups:
- Re: how to restrict lua syntax for files to be loaded, pansz

References:
- how to restrict lua syntax for files to be loaded, Sergey Naumov

Prev by Date: Re: serialization of lua numbers
Next by Date: Re: how to restrict lua syntax for files to be loaded
Previous by thread: how to restrict lua syntax for files to be loaded
Next by thread: Re: how to restrict lua syntax for files to be loaded
Index(es):
- Date
- Thread