lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


Thanks for your reply, I was thinking of doing it but wouldn't a user can still use rawset to forcely set 'A1' to the global table and then my metatable '__index' function will not even be called when fetching 'A1'?

On Wed, Jan 19, 2022 at 3:58 PM Flyer31 Test <flyer31@googlemail.com> wrote:
you can use metafunction __newindex and __index to screen access to
global table. If you have only a "restricted list" of such protected
elements, and youi know all the names (as "A1" in your example) - this
should work nicely.

(if you just want to protect some "accidential / unknown general
state" of Lua (which possibly is created by some user script which was
running before), it would becomes more difficult ...).

If your global table is VERY large, then also might become difficult
... most easy case is that you have only some restricted number of
global elements with known names, and you handle all __ newindex /
__index accesses to Global table "virtually" (so you re-direct the
global names as A1 to some internal names, e. g. __my__A1, and
__my__A1 is then your REAL global element) (I have described this
procedure for my SB / String buffer elements some weeks ago... this
then works very nice for global elements - typically a smaller Lua
Script has only quite few Global elements anyway... ). Then refuse of
any command as "A1=..." is straight forward (just you have to decide
what you want to do then, just ignore it, or shut down Lua ... if you
shut down Lua, then of course much more safe, if such a "protected Lua
environment" runs in its own thread usually...).

On Wed, Jan 19, 2022 at 2:36 PM Meir Shpilraien <meir@redis.com> wrote:
>
> Hi everyone,
>
> I was wondering what is the recommended way to disallow script changing the global table. The problem I am facing, assuming I provide for example an api to the users, A1, another user can do: 'A1=function ... end', and override my implementation of A1 and cause all other users to run his code.
>
> I can think of multiple ways:
> 1. Create a lua vm per script - this requires a lot of memory
> 2. Different environments per script - also might require a lot of memory
> 3. Make the global table a Readonly tables as described here: http://lua-users.org/wiki/ReadOnlyTables, though in this way user can use rawset to bypass it, and I can not use a userdata to avoid it because I can not set a usedata as a global table (and I do not want to disallow rawset).
>
> Is there any other way to lock the global table from any changes?
>
> I am using lua 5.1.5.
>
> Thanks.
>
>
> Disclaimer
>
> The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful.


Disclaimer

The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful.