lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

On Wed, Oct 6, 2010 at 1:54 PM, Luiz Henrique de Figueiredo
<> wrote:
>> but Lua was more or less at the center of one of the talks given today
>> at the tech session in the OSDI 2010 conference.
> Very nice. Thanks for letting us know.
> The paper says:
> "Lua compiles to simple bytecode, which makes it relatively easy to sandbox."
> Tell that to Peter Cawley, aka Corsix :-)

Indeed. If they're using Lua 5.1, and have:
1) The load or loadstring functions from the base library, allowed to
load bytecode.
2) A nice complex function like table.concat (which it sounds like they do).
3) Optionally a few interesting functions like [sg]etmetatable and/or
[sg]etfenv from the base library.
Then I think I could make a hole in their sandbox.