- Subject: Re: Easy remote eval / RPC solution
- From: Daniel Silverstone <dsilvers@...>
- Date: Thu, 20 Sep 2012 14:44:54 +0100

On Thu, Sep 20, 2012 at 03:41:36PM +0200, Luke Gorrie wrote:
> Does this already exist as a library? if so where can I find it? if
> not anything to consider before writing it "the obvious way" using
> luasocket?

The networking side is the least of your worries if you want to accept
arbitrary scripts.

You might want to look at Supple -- http://cgit.gitano.org.uk/supple.git

Supple does the sandboxing in as complete a way as it can. It's not *quite*
release grade yet, because I can still think of one attack vector against it if
you manage to break out of a couple of the layers of protection; but it's
effective and as and when I think of attacks I code up defences and add them to
the system.

I wrote Supple to allow people to write arbitrary hooks for git services in a
trustable (or at least safe) way.

D.

--
Daniel Silverstone http://www.digital-scurf.org/
PGP mail accepted and encouraged. Key Id: 3CCE BABE 206C 3B69