Re: Protect global table from any changes

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Protect global table from any changes
From: Petri Häkkinen <petrih3@...>
Date: Fri, 21 Jan 2022 10:11:37 +0200

> On 21. Jan 2022, at 8.09, Flyer31 Test <flyer31@googlemail.com> wrote:
> 
> sorry, another PPS: What would you then ask Lua to do, if somebody
> would try to modify _G inside sandbox or in later code? Should Lua
> then terminate with an error message, or just ignore this modification
> approach? (I think both possibilities would be quite bad, especially
> also for sandboxing...).

This is not only about _G. In a sandboxed app you need to protect all the module tables too and potentially any tables you pass between sandbox and privileged environments. Proxying everything has a major implementation & performance cost in many applications and it’s far from being elegant.

Luau C API has a function for setting a read only flag per table. Typically in a sandboxed app you protect _G and all the module tables after startup.

Trying to modify a read only table raises a Lua runtime error so it behaves identically for example to “trying to index a nil value” error.

Petri

Follow-Ups:
- Re: Protect global table from any changes, Flyer31 Test

References:
- Re: Protect global table from any changes, Flyer31 Test

Prev by Date: Re: Enabling __eq metamethod for numbers
Next by Date: Re: Protect global table from any changes
Previous by thread: Re: Protect global table from any changes
Next by thread: Re: Protect global table from any changes
Index(es):
- Date
- Thread