[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: controlling library load
- From: Viacheslav Usov <via.usov@...>
- Date: Sat, 24 Sep 2022 15:46:10 +0200
On Sat, Sep 24, 2022 at 1:09 AM Egor Skriptunoff
<egor.skriptunoff@gmail.com> wrote:
> You can make two different environments.
> The original environment contains the original "require" function.
This seems quite costly, but let's accept this just to understand the method.
> The untrusted environment is a proxy for the original environment, but it replaces the original "require" with your own function.
>
> You start a script in the untrusted environment, so when the script invokes "require", all your restrictions are being held.
> When the original "require" is eventually invoked, it always loads a module in the original environment, so all nested invocations of "require" will be unrestricted.
I am afraid this is too terse an explanation for me. Let's say I have
libraries X and Y that the "main" script can potentially load. I want
to let it load X, but not Y. However, if X itself requires Y, I want
to let it load Y, but the main script should still be unable to load Y
after that. If X exposes a function from Y to the main script, then it
is of course callable by it. Can you explain your method using this
example?
> P.S. Can "io.open() + file:read() + load()" be a workaround? ;-)
In my case the libraries are not really files. As I mentioned in my
original message, the built-in searchers are deleted and I use a
custom one.
Cheers,
V.