> What trouble you are talking about?
The trouble is the pervasive use of the unsafe paradigm in extant library code and the obscurity of the subject.
> A metatable of a host object must not be accessible to untrusted guest code inside a sandbox.
> (independently of whether __gc field exists in the metatable or not)
I actually disagree with this as stated.
Regardless, PiL4 says this: "Such behavior is unacceptable for any Lua library. No matter how we use a library, it should neither corrupt C data nor cause the Lua system to crash" (p. 268). This statement is absolute without restrictions such as "untrusted guest code inside a sandbox". The examples I gave earlier all corrupt C data. So this issue has nothing to do with sandboxing and much to do with writing a C library properly, and the means available for that purpose.
Cheers,
V.
