Date: Mon, 13 Mar 2017 12:19:19 +0100
Subject: Re: Restricted parsing for static config files / more granular `load()` options for 5.4
On 2017-03-12 20:16, Rain Gloom wrote:
> TLDR: just like we can disable bytecode loading, we should be able to
> disable certain language constructs, creating fully sandboxed configs
> The biggest problem that simple _ENV sandboxing can't avoid is
> infinitely long running code, one would need either the debug library to
> block a script after N instructions or use their own parser.
> In more detail, what can pose the biggest problems are loops and
Both can be limited with debug.sethook.