

On Dec 19, 2013, at 4:54 PM, Roberto Ierusalimschy <roberto@inf.puc-rio.br> wrote:

> Probably I am being too naive, but I have written a very simple sandbox
> that seems to be enough to ensure a "safe" execution of a script. It
> simply uses debug hooks to control CPU usage, finalizers to control
> memory usage, and a restricted environment (empty by default) to control
> what the script can call. It would be nice if other people could
> check it. (It assumes Lua 5.2.)

I suspect wiping out all the metatables would not hurt either:

debug.setmetatable( '', nil )
debug.setmetatable( 1, nil )
debug.setmetatable( function() end, nil )
debug.setmetatable( true, nil )

Don’t want these naughty ("x"):rep(100000000) and assorted other string functions to get out of control somehow.
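
An added example, not part of the original message or of the sandbox being discussed: it shows that a chunk loaded with an empty environment can still reach the string library through the shared string metatable, and what clearing that metatable changes. It assumes Lua 5.2 or later; `run_sandboxed` and `probe` are illustrative names, the probe uses a small constructed count, and the allowlist variant at the end is an alternative that goes beyond what the message proposes.

```lua
-- Added example, Lua 5.2+. run_sandboxed and probe are illustrative names.
local function run_sandboxed(src)
  -- Empty environment table: the chunk has no globals to call.
  local chunk, err = load(src, "=sandboxed", "t", {})
  if not chunk then return false, err end
  return pcall(chunk)
end

-- Constructed probe with a small count: method syntax on a string literal
-- is resolved through the string metatable, not through the environment.
local probe = 'return ("x"):rep(3)'

-- With the default string metatable the call succeeds despite the empty env.
local ok, res = run_sandboxed(probe)
assert(ok and res == "xxx")

-- Type metatables are per Lua state, so save the original before clearing.
local saved = getmetatable("")
debug.setmetatable("", nil)

-- Now the same chunk fails: strings can no longer be indexed.
ok, res = run_sandboxed(probe)
assert(not ok)
print("after clearing:", res)

-- Side effect: host code in the same state loses method syntax too,
-- but direct calls through the string library still work.
assert(not pcall(function() return ("abc"):upper() end))
assert(string.upper("abc") == "ABC")

-- Alternative: keep a metatable whose __index exposes only chosen functions.
debug.setmetatable("", { __index = { len = string.len, sub = string.sub } })
ok, res = run_sandboxed('return ("hello"):sub(1, 2)')
assert(ok and res == "he")
assert(not run_sandboxed(probe))   -- rep is not in the allowlist

debug.setmetatable("", saved)      -- restore for the rest of the host
```

Because the string metatable is shared by every string in the Lua state, either change also applies to host code running in that state, so a host that relies on `s:method()` calls needs a separate state for untrusted scripts or must call the `string` functions directly.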