lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

On 2016-12-12 01:11, Nagaev Boris wrote:
>     Beside what Daurnimator said in a parallel thread, the sentence you
>     quoted applies to Lua source code, not bytecode.
>     —Pierre-Yves
> Lua program can load bytecode using load function.

and os.execute "rm -rf /*" and …, so you obviously have to sandbox
anything untrusted.  Assuming you removed the debug library (and ensured
that the untrusted code can't get it back),

  local old_load = load
  function     load( src, src_what, _mode, env )
    return old_load( src, src_what,   "t", env )

hard-codes the mode, forbidding binary chunks.  Without getupvalue, you
can't get it back.

-- Marco