 |
lua-l archive |
|
|
||
|
> >The data mode patch defines a new mode 'd' for loadfile which raisesYou do not need to be paranoic to be worried. A 12-line program like
> >an error at the lexical stage if any loop construct or function
> >definition has been found when loading the file. It's useful to have
> >if-statements, but for/while/repeat/goto/function are no go!
>
> An interesting idea.
>
> But those of a paranoid persuasion should probably combine it with
> other techniques (like, good old-fashioned sandboxing and such):
this can trash many machines, without needing any reserved word:
a = "012345678901234567890123456789012345678901234567890123456789"
a = a .. a .. a .. a .. a .. a .. a .. a .. a .. a
a = a .. a .. a .. a .. a .. a .. a .. a .. a .. a
a = a .. a .. a .. a .. a .. a .. a .. a .. a .. a
a = a .. a .. a .. a .. a .. a .. a .. a .. a .. a
a = a .. a .. a .. a .. a .. a .. a .. a .. a .. a
a = a .. a .. a .. a .. a .. a .. a .. a .. a .. a
a = a .. a .. a .. a .. a .. a .. a .. a .. a .. a
a = a .. a .. a .. a .. a .. a .. a .. a .. a .. a
a = a .. a .. a .. a .. a .. a .. a .. a .. a .. a
a = a .. a .. a .. a .. a .. a .. a .. a .. a .. a
a = a .. a .. a .. a .. a .. a .. a .. a .. a .. a
Modestly, I would rather use my 'protect' module [1] (which does not
need any change to the language).
[1] http://lua-users.org/lists/lua-l/2013-12/msg00406.html
-- Roberto