"*toclose" vs. sandboxes / embedded environments

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: "*toclose" vs. sandboxes / embedded environments
From: Andrew Gierth <andrew@...>
Date: Sun, 16 Dec 2018 23:23:05 +0000

Assuming I'm reading the code correctly (haven't actually tried it out
yet), one effect of the "*toclose" syntax is that:

function f()
    local *toclose c = function() a = 0//0 end
    error("err1")  -- or something that generates an error
end

has the effect of replacing the error "err1" with "attempt to divide by
zero", even in an environment in which the pcall() and xpcall()
functions (and even error()) have been removed or replaced.

This seems to me to be a significant decrease in the environment's or
sandbox's ability to control what happens in error cases. In my own
project, I am not even sure I can handle this safely; if the environment
can't exert any control over this feature, it might be impossible for me
to support 5.4 at all, which would be a great shame.

-- 
Andrew.

Follow-Ups:
- Re: "*toclose" vs. sandboxes / embedded environments, Roberto Ierusalimschy

Prev by Date: Re: "Ignore me" symbol
Next by Date: Re: "Ignore me" symbol
Previous by thread: Re: "Ignore me" symbol
Next by thread: Re: "*toclose" vs. sandboxes / embedded environments
Index(es):
- Date
- Thread