- Subject: Re: LuaJIT FFI __gc metamethod?
- From: Mike Pall <mikelu-1102@...>
- Date: Mon, 28 Feb 2011 22:45:33 +0100
Josh Haberman wrote:
> Mike Pall <mikelu-1102 <at> mike.de> writes:
> > That's not a viable approach for sandboxing. The only reasonably
> > safe way to run untrusted/malicious Lua scripts is to sandbox it
> > at the process level.
>
> What you are saying applies only to FFI, right? Without FFI,
> can't either Lua or LuaJIT be very tightly sandboxed in-process
> with an approach like this?
> http://lua-users.org/wiki/SandBoxes
No, it applies to Lua in general. The advice in that page is
incomplete and outright dangerous. E.g. string.find() can lock up
your CPU and, nope, setting a hook won't help here:
string.find(string.rep("a", 50), string.rep("a?", 50)..string.rep("a", 50))
Ditto for quite a few other standard functions. And trying to
close all loopholes in your interface code, which is exposed to
the untrusted code, is near hopeless (e.g. never use tostring() in
there).
--Mike
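The two claims above (the pattern locks up the CPU, and a count hook does not interrupt it) can be checked with the following script, which is an added example and not part of the original thread. It assumes Lua 5.1 or LuaJIT; the helper names `pathological` and `timed_find` are my own, and n is kept small so the script finishes in well under a second.

```lua
-- Added example (not from the mailing-list thread): measures how the cost of
-- the string.find() pattern quoted by Mike grows with n, then checks whether a
-- debug.sethook count hook ever fires while string.find() is running.
-- Assumes Lua 5.1 or LuaJIT; n is kept small so the script returns quickly.

local function pathological(n)
  -- subject: n 'a's; pattern: n optional 'a's followed by n mandatory 'a's.
  -- The match can never succeed, and the matcher tries all 2^n ways of
  -- assigning the optional 'a?' items before giving up.
  local subject = string.rep("a", n)
  local pattern = string.rep("a?", n) .. string.rep("a", n)
  return subject, pattern
end

local function timed_find(n)
  local subject, pattern = pathological(n)
  local t0 = os.clock()
  local found = string.find(subject, pattern)
  return os.clock() - t0, found
end

-- Part 1: growth. Each +2 in n roughly quadruples the CPU time spent inside
-- a single string.find() call; this is the lock-up referred to above.
local prev
for n = 10, 18, 2 do
  local secs, found = timed_find(n)
  assert(found == nil)  -- never matches: all of the time is backtracking
  local ratio = prev and string.format("%.1fx", secs / prev) or "-"
  print(string.format("n=%2d  %.4f s  growth %s", n, secs, ratio))
  prev = secs
end

-- Part 2: a count hook fires after every k Lua VM instructions, but the whole
-- string.find() call is one C function executing no VM instructions, so the
-- hook is not consulted until it returns. An instruction-limit hook of the
-- kind suggested on the SandBoxes wiki page therefore cannot stop it.
local hook_calls = 0
debug.sethook(function() hook_calls = hook_calls + 1 end, "", 1000)
local found = string.find(pathological(18))  -- long-running single C call
debug.sethook()
assert(found == nil)
print(string.format("hook fired %d times during string.find()", hook_calls))
```

The second part prints 0 hook invocations even though the call took the longest of the whole run, which is the observation that argues for a process-level sandbox rather than a hook-based one.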