lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


> -----Original Message-----
> From: lua-l-bounces@lists.lua.org [mailto:lua-l-bounces@lists.lua.org] On
> Behalf Of Xavier Wang
> Sent: zondag 22 juni 2014 22:26
> To: Lua mailing list
> Subject: Re: [ANN] Lua 5.3.0 (work3) now available
> 
> agree with you, but I think .\?.dll and !\?.dll should keep. That can
> be used when you using Lua executable locally. add a clibs folder and
> put lua dlls into it when this is a system-wise installation, but put
> lua dll directly to lua.exe's location or to library path (when you
> copy lua.exe to that place for debugging) when it's a local
> installation.

I agree that they come in handy, but my point is that when dll's get installed there, then it is a security risk. So an advanced user can put them back in using the LUA_CPATH environment variable, but they shouldn't be in the defaults. When they are in the defaults, it is like saying; "it's ok to put them there", which really is not ok for the casual user who doesn't understand the risk of doing so.

> 
> Does !\?53.dll, .\?53.dll, !\clibs\?53.dll should added as well?
> 
> 2014-06-23 3:25 GMT+08:00 Thijs Schreijer <thijs@thijsschreijer.nl>:
> > BTW great to see the default package paths updated!
> >
> > Though I still think that the `!\?.dll` and `.\?.dll` c-paths should be
> removed, because they make it too easy for the casual user to put dll's into
> the system path (where other executables are also looking and might load
> them accidentally, as is the nature of Windows)
> >
> > 5.3 work3 package.cpath;
> > !\?.dll;
> > !\..\lib\lua\5.3\?.dll;
> > !\loadall.dll;
> > .\?.dll
> >
> > The regular path has the `lua` subdirectory of the executable directory;
> `!\lua\?.lua`. Can't a similar subdirectory for clibs be added? So the dll's
> stay out of the system path, while the interpreter itself is in the system
> path.
> >
> > Proposed package.cpath;
> > !\clib\?.dll;
> > !\..\lib\lua\5.3\?.dll;
> > !\clib\loadall.dll
> >
> > Obviously anyone could override it at any time, but imo at least the
> defaults should be as safe as possible.
> >
> > Thijs
> >
> >
> 
> 
> 
> --
> regards,
> Xavier Wang.