[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: Discover default package.path, package.cpath?
- From: Muh Muhten <muh.muhten@...>
- Date: Fri, 4 Jan 2019 02:40:23 -0500
On 1/3/19, nobody <email@example.com> wrote:
> On 03/01/2019 23.09, Norman Ramsey wrote:
>> I suppose I can simply cause my code to crash if any of the sensitive
>> environment variables are set. Inconvenient, but safe.
> LUA_INIT can re-define os.getenv to always pretend that LUA_INIT*,
> LUA_*PATH* etc. are absent. (LUA_INIT can re-define absolutely anything
> and do whatever it wants… it could easily wrap debug.sethook,
> debug.getinfo etc. and deliver the fantasy that you want to believe in.)
Your program can even be run under an interpreter that ignores it and
runs a different program entirely; LUA_INIT is arbitrary code
What are you trying to prevent? What are you trying to protect?