|
I am trying to lock down a lua script. The application is running setgid on a UNIX box and picks up configuration information from a lua script that the end-user provides. I don't want the user to be able to override the LUA_PATH and pick up scripts from another user's directory. I've read LUA_PATH in the PIL (http://www.lua.org/pil/8.1.html) and have my application override it to what I consider to be a sane path. It is possible to stop a user from updating the globals and resetting the paths? And, I know that "require" will allow the user to specify a path. I'm thinking that I can modify that to error out if the file name includes a directory component (eg, '/' anywhere in the file name).
Thanks,
Mike
.i le temci cu denpa no lo prenu
- Jessica Shewell Brockway