lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

On Thu, Dec 19, 2013 at 6:54 PM, Roberto Ierusalimschy <> wrote:
> Rather than controlling what users can do, I would prefer to control the effect they can have. Why should they not have the benefit of a full featured language to configure your program?
> So, for example, assuming you are using Lua as an embedded language, run the configuration script in its own Lua state and then have a (protected) procedure to copy the resultant data structures over into your main Lua state, with verification and filtering as necessary.

Probably I am being too naive, but I have written a very simple sandbox
that seems to be enough to ensure a "safe" execution of a script. It
simply uses debug hooks to control CPU usage, finalizers to control
memory usage, and a restricted environment (emtpy by default) to control
what the script can call. It would be nice if other people could
check it. (It assumes Lua 5.2.)

-- Roberto

Nice idea with __gc !!!
But unfortunately, "memory usage limiter" fails to stop this simple malicious one-liner until all available memory has been exhausted:

-- track memory use
  -- maximum memory (in KB) that can be used
  local memlimit = 1000
  local mt = {__gc = function (u)
    if collectgarbage("count") > memlimit then
      error("script uses too much memory")
      setmetatable({}, getmetatable(u))
  setmetatable({}, mt)

-- memory eater
local t={}; while t do t[#t+1] = t end

Nevertheless, it will be stopped by "CPU usage limiter".