

On Thu, Apr 19, 2012 at 5:17 AM, forum <forumme5487@live.com> wrote:
> How can I run a safe sandbox from within a c/c++ application?
>
> I tried:
>
> "lua_pushnil(L);
> lua_setglobal(L, "io");"
>
> etc etc ...
>
> But I was still able to use them after I ran a script with "dostring" or
> "loadstring" within c/c++.
>

I personally use "packages['io'] = true" so that subsequent calls to
"require('io')" won't import the module. But that can be thwarted by a
script that knows that this is done by calling "packages['io'] = nil;
require('io')" so this isn't all that secure; in my project, it's
sufficient to remind my scripters that they're not supposed to be
doing that.

For a while I was wondering if you could install a metatable on the
packages table to prevent scripts from modifying it, but I realized
that rawset() would bypass that.

There are some resources if you do a quick Google search. Check out
http://lua-users.org/wiki/SandBoxes for more information.

/s/ Adam
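
The thread shows why removing names one at a time is fragile (`require`, the loaded-module table and `rawset` each give a way back). As an added example that is not part of the original messages, here is the allowlist approach in Lua: the script is loaded with an environment table that contains only what the host copied in. `make_env` and `run_sandboxed` are hypothetical helper names, and the test scripts are constructed for illustration.

```lua
-- Added example, not from the thread. Works on Lua 5.1 (setfenv) and 5.2+ (load with env).
-- make_env and run_sandboxed are hypothetical helper names.

-- Allowlist: the script can reach only what is copied into this table.
local function make_env()
  local env = {
    print = print, pairs = pairs, ipairs = ipairs, type = type,
    tostring = tostring, tonumber = tonumber, select = select,
    pcall = pcall, error = error,
  }
  -- Copy library tables so the script cannot alter the host's originals.
  for _, name in ipairs({ "math", "table" }) do
    local copy = {}
    for k, v in pairs(_G[name]) do copy[k] = v end
    env[name] = copy
  end
  env._G = env  -- a script that looks up _G sees the sandbox, not the real globals
  return env
end

local function run_sandboxed(code)
  -- Refuse precompiled chunks (they start with ESC, byte 27).
  if code:byte(1) == 27 then return false, "binary chunks rejected" end
  local env = make_env()
  local chunk, err
  if setfenv then                          -- Lua 5.1
    chunk, err = loadstring(code, "=sandbox")
    if chunk then setfenv(chunk, env) end
  else                                     -- Lua 5.2 and later
    chunk, err = load(code, "=sandbox", "t", env)
  end
  if not chunk then return false, err end
  return pcall(chunk)                      -- true plus results, or false plus error
end

-- Constructed test scripts, one per route mentioned in the thread.
local attempts = {
  "return io ~= nil",            -- io was never copied in
  "return require('io')",        -- require is not in the environment
  "package.loaded.io = nil",     -- neither is package
  "rawset(_G, 'x', 1)",          -- nor rawset
  "return math.sqrt(16)",        -- allowlisted function still works
}
for _, src in ipairs(attempts) do
  print(src, run_sandboxed(src))
end
```

This limits which names a script can reach; it does not bound CPU time or memory use.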