> Rather than controlling what users can do, I would prefer to control the effect they can have. Why should they not have the benefit of a full featured language to configure your program?
>
> So, for example, assuming you are using Lua as an embedded language, run the configuration script in its own Lua state and then have a (protected) procedure to copy the resultant data structures over into your main Lua state, with verification and filtering as necessary.
>

Probably I am being too naive, but I have written a very simple sandbox
that seems to be enough to ensure a "safe" execution of a script. It
simply uses debug hooks to control CPU usage, finalizers to control
memory usage, and a restricted environment (empty by default) to control
what the script can call. It would be nice if other people could
check it. (It assumes Lua 5.2.)
-- Roberto
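
The three mechanisms named in the message above (count hook, finalizer, restricted environment), combined in one Lua 5.2 function. This is an added example, not the sandbox from the post; `run_sandboxed`, the limits and the sample scripts are assumptions, and here the finalizer only records that the heap limit was passed while the count hook aborts the script.

```lua
-- Added example for Lua 5.2; names, limits and sample scripts are assumptions.
local STEP_LIMIT   = 1e7    -- VM instructions the script may execute
local MEM_LIMIT_KB = 1024   -- heap growth allowed while the script runs (KB)

local function run_sandboxed(source, env)
  env = env or {}                       -- empty environment by default
  -- mode "t": accept text chunks only, refuse precompiled bytecode
  local chunk, err = load(source, "=script", "t", env)
  if not chunk then return false, err end

  local base = collectgarbage("count")
  local over, active = false, true
  -- Memory: a sentinel object whose finalizer runs once per GC cycle,
  -- measures heap growth, and re-arms itself with a fresh sentinel.
  -- Detection therefore happens at GC-cycle granularity, not per allocation.
  local function arm()
    setmetatable({}, { __gc = function()
      if not active then return end
      if collectgarbage("count") - base > MEM_LIMIT_KB then over = true end
      arm()
    end })
  end
  arm()

  -- CPU: count hook on the script's own coroutine, fired every 1000
  -- VM instructions; an error raised in the hook aborts the script.
  local co, steps = coroutine.create(chunk), 0
  debug.sethook(co, function()
    steps = steps + 1000
    if over then error("memory limit exceeded", 0) end
    if steps > STEP_LIMIT then error("CPU limit exceeded", 0) end
  end, "", 1000)

  local ok, res = coroutine.resume(co)
  active = false                        -- stop re-arming the sentinel
  if not ok then return false, res end
  return true, env                      -- globals the script defined
end

-- Constructed sample scripts: a well-behaved config, a busy loop,
-- unbounded allocation, and a call to a library that is not in env.
local ok, cfg = run_sandboxed("x = 1 + 1")
print(ok, ok and cfg.x)
print(run_sandboxed("while true do end"))
print(run_sandboxed("local t = {} while true do t[#t + 1] = {} end"))
print(run_sandboxed("os.exit()"))
```

Both limits are enforced only between VM instructions and GC cycles, so C functions reachable by the script (anything placed in `env`, and string methods through the string metatable) run outside those checks; keep that set small. The returned table is still untrusted data and should be verified and filtered before it is copied into the host's own state, as the quoted message suggests.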