lua-users home
lua-l archive


Rici Lake wrote:
> On 13-Feb-07, at 10:46 AM, Jerome Vuarand wrote:
> > I don't agree with your statement that it's impossible to make a Lua
> > state completely secure. If your users have only the possibility to
> > load Lua code, you can execute their code in a sandbox, where each
> > access to globals goes through proxies which ensure you're not trying
> > to do malicious things. This means you can even allow access to most of
> > the basic Lua API. You can even prevent your user scripts from
> > entering an infinite loop by adding instruction count hooks. Overall I
> > think ensuring total security in Lua is easy.
> >
> > I'd be happy to provide code examples if you can give me a situation
> > that seems problematic.
> 
> It seems to me that there are a couple of problematic issues, 
> mostly having to do with the module system.
> 
> [...]
> 
> The bottom line is that it is very easy to create a fully 
> secure sandbox in Lua, as long as you're prepared to severely 
> restrict the use of Lua in the sandbox. If you wish to 
> sandbox while preserving as many useful features of the 
> language as possible, it may well be that separate states are 
> a better solution, even though that inhibits data transfer.

I totally agree with you, and your conclusion. It's a question of
tradeoff between interpreter and library features versus ease of
sandboxing.

Lua power-users on the one hand, that is most people active on this
mailing list, will require at some point or another nearly all features
Lua provides, and some can be quite hard to secure. For these people the
best solution is independent Lua universes, with a way to make them
communicate. The good point is that these power-users will have no
trouble using a complex yet elegant communication scheme.

On the other hand you have all people just wanting a basic script
system. Basic programming, web design, level design, scripting of an
already existing application engine. All these people have few
requirements on the language and just perform simple API calls. They may
use full-fledged Lua in their scripts, but don't mind having a more basic
(and easily securable) interface with the rest of the world.

I think most cooperative environments in Lua applications belong to the
second category. Of course you have a wide range of hybrid cases, but in
any case there is a solution, whose complexity depends on the time you
can afford to spend on it.
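An added example (my code, not code posted in this thread) of the approach Jerome describes in the quoted message: every global access goes through a proxy table, and a count hook caps the number of VM instructions. It assumes Lua 5.1 (`loadstring`/`setfenv`); on 5.2 and later the same thing is done with `load(src, name, "t", env)`.

```lua
-- Whitelist of functions the untrusted script may call. Anything that
-- touches files, processes, or the debug library is deliberately absent.
local allowed = {
  print = print, pairs = pairs, ipairs = ipairs, type = type,
  tostring = tostring, tonumber = tonumber, select = select,
  string = { format = string.format, sub = string.sub, len = string.len },
  math = { floor = math.floor, max = math.max, min = math.min },
}

-- Proxy environment: an empty table whose metatable forwards reads to the
-- whitelist and rejects writes, so the script can neither reach anything
-- outside the list nor redefine a global for later scripts.
local function make_env()
  return setmetatable({}, {
    __index = function(_, name)
      local v = allowed[name]
      if v == nil then error("access to global '" .. tostring(name) .. "' denied", 2) end
      return v
    end,
    __newindex = function(_, name)
      error("writing global '" .. tostring(name) .. "' is not allowed", 2)
    end,
    __metatable = "locked",  -- getmetatable(_G) inside the sandbox yields only this
  })
end

-- Compile `src`, bind it to a fresh proxy environment, and run it with a
-- budget of `max_instructions` VM instructions enforced by a count hook.
local function run_sandboxed(src, max_instructions)
  local chunk, err = loadstring(src, "=untrusted")   -- Lua 5.1 API
  if not chunk then return false, "compile error: " .. err end
  setfenv(chunk, make_env())
  local co = coroutine.create(chunk)
  local used = 0
  -- Mask "" with count 1000: the hook fires every 1000 instructions.
  debug.sethook(co, function()
    used = used + 1000
    if used >= max_instructions then error("instruction budget exceeded", 2) end
  end, "", 1000)
  return coroutine.resume(co)
end

-- Constructed inputs: a benign script, one reaching for `os`, one looping forever.
print(run_sandboxed("return string.format('%d', math.max(3, 7))", 100000))
print(run_sandboxed("return os.getenv('HOME')", 100000))
print(run_sandboxed("while true do end", 100000))
```

One caveat the proxy alone does not cover: string values carry the shared string metatable, so `("x"):method()` still resolves against the full string library; a hardened sandbox also replaces that metatable's `__index` with the same whitelist.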