lua-l archive

On Thu, Dec 19, 2013 at 6:54 PM, Roberto Ierusalimschy <roberto@inf.puc-rio.br> wrote:
> Rather than controlling what users can do, I would prefer to control the effect they can have. Why should they not have the benefit of a full featured language to configure your program?
>
> So, for example, assuming you are using Lua as an embedded language, run the configuration script in its own Lua state and then have a (protected) procedure to copy the resultant data structures over into your main Lua state, with verification and filtering as necessary.
>

> Probably I am being too naive, but I have written a very simple sandbox
> that seems to be enough to ensure a "safe" execution of a script. It
> simply uses debug hooks to control CPU usage, finalizers to control
> memory usage, and a restricted environment (empty by default) to control
> what the script can call. It would be nice if other people could
> check it. (It assumes Lua 5.2.)
>
> -- Roberto

Nice idea with __gc !!!
But unfortunately, "memory usage limiter" fails to stop this simple malicious one-liner until all available memory has been exhausted:

-- track memory use
do
  -- maximum memory (in KB) that can be used
  local memlimit = 1000
  -- sentinel table: it is unreachable from the moment it is created, so its
  -- finalizer runs after a collector cycle completes; if the heap is still
  -- within the limit it re-creates itself to be checked again next cycle
  local mt = {__gc = function (u)
    if collectgarbage("count") > memlimit then
      error("script uses too much memory")
    else
      setmetatable({}, getmetatable(u))
    end
  end}
  setmetatable({}, mt)
end

-- memory eater
local t={}; while t do t[#t+1] = t end


Nevertheless, it will be stopped by "CPU usage limiter".
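The three-part sandbox Roberto describes (a count hook for CPU, a finalizer sentinel for memory, an empty environment for what the script can call) and the two behaviours reported in this thread, side by side. This is an added example for Lua 5.2, not code from the original post or from Roberto's attachment: the hook-based CPU limiter is my reconstruction, `run_sandboxed`, `arm_memory_limiter`, `CPU_BUDGET` and `HOOK_STEP` are my own names and values, and the second test script is constructed here for contrast.

```lua
-- Added example (Lua 5.2), not from the original post. Names, budgets and
-- the second test script are assumptions made for this illustration.

local MEM_LIMIT_KB = 1000   -- same figure as the snippet in the thread
local CPU_BUDGET   = 1e7    -- assumed budget: VM instructions per script
local HOOK_STEP    = 1000   -- count hook fires every HOOK_STEP instructions

-- Memory limiter: a sentinel table that is unreachable from the moment it is
-- created, so its __gc runs after a completed collector cycle. It checks the
-- heap and re-creates itself for the next cycle. Returns a function that
-- disarms it, so a finalizer left over after the sandbox exits cannot throw
-- into host code at some later cycle.
local function arm_memory_limiter(limit_kb)
  local armed = true
  local mt = {}
  mt.__gc = function ()
    if not armed then return end
    if collectgarbage("count") > limit_kb then
      error("script uses too much memory", 0)
    end
    setmetatable({}, mt)   -- re-arm for the next cycle
  end
  setmetatable({}, mt)
  return function () armed = false end
end

-- Run `code` with the given environment, a count hook as the CPU limit and
-- the memory sentinel. Returns the pcall result pair.
local function run_sandboxed(code, env, cpu_budget)
  local fn, err = load(code, "=sandbox", "t", env)  -- "t": source text only
  if not fn then return false, err end
  local spent = 0
  debug.sethook(function ()
    spent = spent + HOOK_STEP
    if spent > cpu_budget then
      error("script uses too much CPU", 0)
    end
  end, "", HOOK_STEP)
  local disarm = arm_memory_limiter(MEM_LIMIT_KB)
  local ok, e = pcall(fn)
  debug.sethook()   -- always remove the hook, even on error
  disarm()
  collectgarbage()  -- reclaim whatever the script left behind
  return ok, e
end

local env = {}   -- empty: nothing from the host is reachable from the script

-- Script from the thread: grows a single table's array part by rehashing.
-- It never creates a new object, so the VM never takes a collector step,
-- the sentinel is never finalized, and only the count hook can stop it.
print(run_sandboxed("local t={}; while t do t[#t+1] = t end", env, CPU_BUDGET))

-- Constructed contrast: a fresh table per iteration. OP_NEWTABLE triggers
-- collector steps, the sentinel is finalized at the end of a cycle and the
-- memory limiter fires; the collector reports the failure as
-- "error in __gc metamethod (script uses too much memory)".
print(run_sandboxed("local t={} for i=1,1e9 do t[i]={} end", env, CPU_BUDGET))
```

Why the first script slips past the finalizer: its loop executes only length, addition and table-store instructions, and the growth happens inside a table rehash. In Lua 5.2 the VM only runs a collector step when it creates a new object (new table, closure, concatenation result, and so on), so no cycle ever completes, the sentinel is never finalized, and the check in `__gc` never runs; the count hook, which fires on instruction count rather than on allocation, is what stops it. The second script allocates a table every iteration, so the collector does run, the sentinel's finalizer throws, and `pcall` receives the error wrapped by the collector. Note the disarm step: without it the last sentinel is still pending when the sandbox returns and would throw into whatever host code happens to trigger the next cycle.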