[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Finalizers and Lua.org demo page
- From: Luiz Henrique de Figueiredo <lhf@...>
- Date: Wed, 26 Jul 2017 16:20:50 -0300
> You should redefine "load()" somehow to hide original _G from untrusted code
I may be missing something here: the demo script does not need to run
user code in a complete sandbox because it does not need to protect
itself against arbitrary changes to the global environment. It does
need to save the global functions that it uses after the user program
ends and I'm grateful for the people in this thread have who pointed
that out. It also does need to prevent the user program from accessing,
hogging or getting sensitive information from the host system. But it
does not need a complicated sandbox.
Anyway, it's a good thing that the demo script is getting several eyes
looking at it.
- References:
- Re: Finalizers and Lua.org demo page, Luiz Henrique de Figueiredo
- Re: Finalizers and Lua.org demo page, Egor Skriptunoff
- Re: Finalizers and Lua.org demo page, Mikhail Zajcev
- Re: Finalizers and Lua.org demo page, Egor Skriptunoff
- Re: Finalizers and Lua.org demo page, Mikhail Zajcev
- Re: Finalizers and Lua.org demo page, Egor Skriptunoff
- Re: Finalizers and Lua.org demo page, Mikhail Zajcev
- Re: Finalizers and Lua.org demo page, Egor Skriptunoff
- Re: Finalizers and Lua.org demo page, Mikhail Zajcev
- Re: Finalizers and Lua.org demo page, Egor Skriptunoff
