lua-users home
lua-l archive



On Wed, May 8, 2019 at 3:08 AM Sean Conner wrote:
> I foresee the question: "Isn't it dangerous to allow untrusted code to load
> arbitrary bytecode?"

  That's why from Lua 5.2 onwards, load() has a parameter to restrict
loading of bytecode.  And a sandbox would not include load() (or a
restricted version of it).


This way untrusted code must satisfy additional restrictions to be able to run inside your sandbox.
I doubt this is practical.
Usually the author of the untrusted code knows nothing about your sandbox and the restrictions it must comply with  :-)

An ideal sandbox must run almost everything, including the possibility that the untrusted code might create its own (nested) sandbox while running inside your sandbox.
All standard Lua library functions must be emulated, but not removed.
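
An added example, not part of the original message: one way to keep load() available inside a sandbox in emulated form while using the Lua 5.2+ mode parameter to refuse bytecode, so that untrusted code can still build a nested environment. The names `make_sandbox` and `copy`, the small whitelist, and the sample chunks are assumptions constructed for illustration.

```lua
-- Added illustration; requires Lua 5.2 or later (load() with mode and env).
-- make_sandbox, copy and the whitelist below are hypothetical.
local function copy(t)
  local c = {}
  for k, v in pairs(t) do c[k] = v end
  return c
end

local function make_sandbox()
  -- Copies of library tables, so sandboxed code cannot modify the host's own.
  local env = {
    print = print, type = type, tostring = tostring, pcall = pcall,
    math = copy(math), string = copy(string),
  }
  env._G = env

  -- Emulated load(): same signature as the real one, but the caller's mode
  -- argument is ignored and "t" (text only) is always passed, so precompiled
  -- chunks are rejected. Without an explicit env the chunk gets the sandbox
  -- environment, never the host's real globals.
  function env.load(chunk, chunkname, _mode, chunk_env)
    if chunk_env == nil then chunk_env = env end
    return load(chunk, chunkname, "t", chunk_env)
  end
  return env
end

local sandbox = make_sandbox()

-- Constructed "untrusted" source: it builds its own nested environment with
-- the emulated load(), then reports whether load is present and os is absent.
local untrusted = [[
  local inner = { print = print }
  local f = assert(load("print('hello from the nested chunk')", "nested", "t", inner))
  f()
  return load ~= nil and os == nil
]]
local chunk = assert(sandbox.load(untrusted, "untrusted"))
assert(chunk() == true)

-- Constructed bytecode, produced on the host side: the emulated load()
-- refuses it even though the caller asks for binary mode.
local bytecode = string.dump(function() return os.getenv("HOME") end)
local f, err = sandbox.load(bytecode, "dumped", "b")
assert(f == nil)
print("bytecode rejected: " .. tostring(err))
```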