lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]




On Thu, Sep 20, 2012 at 10:44 AM, Daniel Silverstone <dsilvers@digital-scurf.org> wrote:
On Thu, Sep 20, 2012 at 03:41:36PM +0200, Luke Gorrie wrote:
> Does this already exist as a library? if so where can I find it? if
> not anything to consider before writing it "the obvious way" using
> luasocket?

The networking side is the least of your worries if you want to accept
arbitrary scripts.

You might want to look at Supple -- http://cgit.gitano.org.uk/supple.git

Supple does the sandboxing in as complete a way as it can.  It's not *quite*
release grade yet, because I can still think of one attack vector against it if
you manage to break out of a couple of the layers of protection; but it's
effective and as and when I think of attacks I code up defences and add them to
the system.

I wrote Supple to allow people to write arbitrary hooks for git services in a
trustable (or at least safe) way.
 
 
Is there something similar but without any sandboxing, for people who
want no security at all and just the simplest solution possible -
"simplest" from the technical standpoint?

  Cheers & thanks,
    Eduardo Ochs
    eduardoochs@gmail.com
    http://angg.twu.net/