[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Using Lua for config files
- From: Roberto Ierusalimschy <roberto@...>
- Date: Thu, 19 Dec 2013 18:19:27 -0200
> > Probably I am being too naive, but I have written a very simple sandbox
> > that seems to be enough to ensure a "safe" execution of a script. It
> > simply uses debug hooks to control CPU usage, finalizers to control
> > memory usage, and a restricted environment (emtpy by default) to control
> > what the script can call. It would be nice if other people could
> > check it. (It assumes Lua 5.2.)
>
> Me likes, although aIthough I cannot say wether is correct, so I assume it.
>
> One think I do not grok. To me it seems the memory counting function
> is set to be called in nearly all garbage collection events, so only
> on finalization, what happens if the script mount some kind of attack
> which does not generate garbage and finalize anything, ie, something
> like [[[ t = {}; while true do t = { t } end ]]] ( or a similar thing
> eating more memory and fast enough to send the system trashing before
> hitting the steplimit )
As the memory usage increases, the GC will be called eventually, and
the single object 'u' created by the script will be finalized. It does
not matter whether anything else is garbage. Just try it.
OBS: a good memory attack that does not need much instructions is this:
s = "aaaaaaaaaaaaaaaaaaaa"; while true do s = s..s end
-- Roberto