

> > I think that having a data representation language which is executable is
> > extremely dangerous and I would never use it unless the "data" came 
> > from an extremely trusted source. Basically myself. Even if I had written
> > my own interpreter for it. This is one case where data should definitely
> > be data and nothing else.
> >
> > Robert
> 
> In general I would agree to that, but it is also a very defensive point of view. I would like to see where this is going and whether it can be sandboxed well enough to be safe enough (whatever that might be). 
> If you don't try, you won't know.

If you load the data using an empty environment, the only harm it can
do is some kind of DoS. The worst kind is eating all the memory, but
that can be done with a non-executable data representation language
too (just feed too much data). It is not difficult to avoid that by
implementing a function to limit the total amount of memory used by a
Lua state (exercise 32.1 of PiL3). With hooks, it seems easy to
limit the total amount of CPU used, too (again assuming an empty
environment).

-- Roberto
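
The approach described in the message above, as an added example that is not part of the original post or of the Lua distribution: data is loaded as a text-only chunk with an empty environment and run under an instruction-count hook. It assumes Lua 5.2 or later (four-argument load); the name load_data, the 100000-instruction budget and the sample inputs are constructed for illustration.

```lua
-- Added example, Lua 5.2+; load_data and the sample inputs are constructed.
local function load_data(text, max_instructions)
  -- Mode "t" refuses precompiled (binary) chunks. The {} argument is the
  -- empty environment: the chunk sees no globals (no os, io, require, pcall).
  local chunk, err = load(text, "=data", "t", {})
  if not chunk then return nil, "load: " .. err end

  -- Run the chunk in its own coroutine so the count hook covers only it.
  local co = coroutine.create(chunk)
  debug.sethook(co, function()
    error("instruction budget exceeded", 0)
  end, "", max_instructions)

  local ok, result = coroutine.resume(co)
  if not ok then return nil, "run: " .. tostring(result) end
  if type(result) ~= "table" then
    return nil, "data chunk did not return a table"
  end
  return result
end

-- Constructed inputs: well-formed data, a global access, an endless loop,
-- and a bytecode chunk.
local samples = {
  { "data",     'return { name = "cfg", ports = { 80, 443 } }' },
  { "global",   'return { home = os.getenv("HOME") }' },
  { "loop",     'while true do end' },
  { "bytecode", string.dump(function() return {} end) },
}

for _, s in ipairs(samples) do
  local value, err = load_data(s[2], 100000)
  print(s[1], value and "accepted" or ("rejected: " .. err))
end

-- Not covered: string methods remain reachable through the string metatable
-- and run in C, where the count hook does not fire, and a memory cap has to
-- be enforced by the host's allocator.
```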