Re: [BUG] unsafe metatable paradigm

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: [BUG] unsafe metatable paradigm
From: Roberto Ierusalimschy <roberto@...>
Date: Tue, 25 Jun 2019 10:14:46 -0300

> So, why is the standard IO library not sandbox-friendly (in the strict
> sense clarified above) out of the box? Is it going to lose any (intended,
> since we are sticking with it) functionality by being sandbox-friendly? Is
> it because it is (too) hard to make it so? Perhaps we might think of a
> mechanism to make this straightforward?

do
  local io = require 'io'
  local mt = getmetatable(io.stdin)
  mt.__metatable = "not your business"
end

Problem solved? Too hard?


> Or at least explain the tradeoffs somewhere?

Cons - we lose the flexibility to add new metamethods to files (no big deal);
Pros - we satisfy some nitpicking (as big a deal as desired).

-- Roberto

Follow-Ups:
- Re: [BUG] unsafe metatable paradigm, Philipp Janda
- Re: [BUG] unsafe metatable paradigm, Viacheslav Usov

References:
- [BUG] unsafe metatable paradigm, Viacheslav Usov
- Re: [BUG] unsafe metatable paradigm, nobody
- Re: [BUG] unsafe metatable paradigm, Viacheslav Usov

Prev by Date: Re: LPEG output
Next by Date: Re: LPEG output
Previous by thread: Re: [BUG] unsafe metatable paradigm
Next by thread: Re: [BUG] unsafe metatable paradigm
Index(es):
- Date
- Thread