- Subject: Re: "*toclose" vs. sandboxes / embedded environments
- From: Roberto Ierusalimschy <roberto@...>
- Date: Mon, 17 Dec 2018 13:06:08 -0200

> The problem for me is that if the Lua code does anything that raises a
> PostgreSQL error, I have to limit what further calls happen to other
> backend functions until some subtransaction level that encloses the
> error is properly aborted and released. At present, I can do that easily
> because Lua code has no way to catch errors except for pcall(), and I
> replace the normal pcall() function with one that creates a
> subtransaction, lua_pcall's the specified function, and releases the
> subtransaction on either return or error (and before calling the
> supplied error handler in the case of xpcall). This guarantees that the
> Lua code can not do anything unsafe in between the generation of the
> error and its being cleaned up.

What about Sony's suggestion, of running the sandboxed code inside
a coroutine and using yields to stop the code? (BTW, that seems a
good practice for any sandbox, independently of this to-be-closed
issue.)
-- Roberto
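
The two mechanisms discussed in this message, as an added example that is not code from the thread or from any project mentioned in it: a replacement `pcall` that finishes a subtransaction before the caller regains control, and a host that runs the chunk in a coroutine and stops it with a yield. It assumes Lua 5.2 or later; the subtransaction functions, `query`, `stop` and `run_sandboxed` are constructed stand-ins, not a real backend API.

```lua
-- Added example; the subtransaction functions are constructed stand-ins.
local depth = 0                                   -- open subtransaction count
local function begin_subxact()   depth = depth + 1 end
local function release_subxact() depth = depth - 1 end   -- success path
local function abort_subxact()   depth = depth - 1 end   -- error path (rollback)

local raw_pcall = pcall          -- stays private to the host

-- Replacement pcall: the subtransaction is finished before the caller
-- sees the result, so no sandbox code runs between error and cleanup.
local function safe_pcall(f, ...)
  begin_subxact()
  local r = table.pack(raw_pcall(f, ...))
  if r[1] then release_subxact() else abort_subxact() end
  return table.unpack(r, 1, r.n)
end

local STOP = {}                  -- private sentinel, unreachable from the sandbox
local env = {
  assert = assert,
  pcall  = safe_pcall,
  depth  = function() return depth end,
  query  = function(sql) error("constructed backend error: " .. sql, 0) end,
  stop   = function() coroutine.yield(STOP) end,  -- host-initiated stop
}

-- Constructed sandboxed chunk.
local chunk = [[
  local ok, msg = pcall(query, "select 1/0")
  assert(not ok and depth() == 0)   -- cleanup already done when we get here
  pcall(stop)                       -- a yield is not an error: pcall cannot catch it
  return "never reached"
]]

local function run_sandboxed(src)
  local entry = depth
  local co = coroutine.create(assert(load(src, "=sandbox", "t", env)))
  local ok, v = coroutine.resume(co)
  if ok and v == STOP and coroutine.status(co) == "suspended" then
    while depth > entry do abort_subxact() end    -- unwind what the chunk left open
    return "stopped"
  end
  return ok and "finished" or "error"
end

local status = run_sandboxed(chunk)
assert(status == "stopped" and depth == 0)
print(status)
```

Because the yield passes through `safe_pcall` without returning, the host, not the wrapper, has to abort any subtransaction still open when it abandons the coroutine.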