On Thu, Sep 20, 2012 at 10:44 AM, Daniel Silverstone
<dsilvers@digital-scurf.org> wrote:
> On Thu, Sep 20, 2012 at 03:41:36PM +0200, Luke Gorrie wrote:
> > Does this already exist as a library? If so, where can I find it? If
> > not, anything to consider before writing it "the obvious way" using
> > luasocket?
>
> The networking side is the least of your worries if you want to accept
> arbitrary scripts.
>
> You might want to look at Supple -- http://cgit.gitano.org.uk/supple.git
>
> Supple does the sandboxing in as complete a way as it can. It's not *quite*
> release grade yet, because I can still think of one attack vector against it if
> you manage to break out of a couple of the layers of protection; but it's
> effective and as and when I think of attacks I code up defences and add them to
> the system.
>
> I wrote Supple to allow people to write arbitrary hooks for git services in a
> trustable (or at least safe) way.

Is there something similar but without any sandboxing, for people who
want no security at all and just the simplest solution possible -
"simplest" from the technical standpoint?
Cheers & thanks,
Eduardo Ochs