[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: Using debugging hooks as a 'watchdog' on code execution?
- From: Mike Pall <mikelu-0801@...>
- Date: Fri, 4 Jan 2008 20:50:12 +0100
Kurt Nordstrom wrote:
> My question is, primarily, is this a bad way to go about it? The hooks
> are classified as being there for debugging purposes, and I'm essentially
> wanting to use them to create a sandbox. Are there any problems or
> pitfalls to this approach that I should be aware of? Would I be taking a
> significant performance hit with this sort of monitoring?
In your case you want the hook function to throw an error. This
also means the sandboxed scripts should not have access to pcall
or any coroutine function (and many others). I.e. grant access to
only a carefully selected subset of library functions. You'll
probably need to limit memory growth, too.