[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: how to restrict lua syntax for files to be loaded
- From: Egor Skriptunoff <egor.skriptunoff@...>
- Date: Mon, 26 Mar 2012 22:12:56 +0100 (BST)
> I want to ask whether it is able to restrict lua
> syntax in files to be loaded to prevent them to contain some malicious
> constructs like "while 1 do end". I know that config should be loaded
> in jail, but is there a way to allow only tables, assignments and
> strings in a file to be loaded as lua script?
> If not then may be it is worth to introduce such functionality?
IMHO, it is worth to introduce "super protected call" function
superpcall(maxCPUTime, maxMBytesOfMemory, f, arg1, ...)
for limiting CPU and memory usage.
If untrusted code exceeds the limits, VM rollbacks to savepoint
just before superpcall() invocation (i.e. restores all data
as it was before running untrusted code) and returns
false, "Maximum CPU time exceeded"
or
false, "Memory limit exceeded"
--Egor