[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: [PATCH] 'data' mode for loadfile
- From: Roberto Ierusalimschy <roberto@...>
- Date: Mon, 17 Mar 2014 13:31:13 -0300
> >The data mode patch defines a new mode 'd' for loadfile which raises
> >an error at the lexical stage if any loop construct or function
> >definition has been found when loading the file. It's useful to have
> >if-statements, but for/while/repeat/goto/function are no go!
>
> An interesting idea.
>
> But those of a paranoid persuasion should probably combine it with
> other techniques (like, good old-fashioned sandboxing and such):
You do not need to be paranoic to be worried. A 12-line program like
this can trash many machines, without needing any reserved word:
a = "012345678901234567890123456789012345678901234567890123456789"
a = a .. a .. a .. a .. a .. a .. a .. a .. a .. a
a = a .. a .. a .. a .. a .. a .. a .. a .. a .. a
a = a .. a .. a .. a .. a .. a .. a .. a .. a .. a
a = a .. a .. a .. a .. a .. a .. a .. a .. a .. a
a = a .. a .. a .. a .. a .. a .. a .. a .. a .. a
a = a .. a .. a .. a .. a .. a .. a .. a .. a .. a
a = a .. a .. a .. a .. a .. a .. a .. a .. a .. a
a = a .. a .. a .. a .. a .. a .. a .. a .. a .. a
a = a .. a .. a .. a .. a .. a .. a .. a .. a .. a
a = a .. a .. a .. a .. a .. a .. a .. a .. a .. a
a = a .. a .. a .. a .. a .. a .. a .. a .. a .. a
Modestly, I would rather use my 'protect' module [1] (which does not
need any change to the language).
[1] http://lua-users.org/lists/lua-l/2013-12/msg00406.html
-- Roberto
