- Subject: Re: require escapes environment
- From: Andrew Gierth <andrew@...>
- Date: Wed, 29 Nov 2023 14:08:11 +0000
>>>>> "Federico" == Federico Ferri <federico.ferri.it@gmail.com> writes:
Federico> If one wants to execute a piece of lua code in a "protected"
Federico> environment (so that functions, globals, etc... are not
Federico> messed up afterwards), it seems the way to go is load(), with
Federico> an environment param:
[...]
Federico> however, if the code to run calls require, then it escapes
Federico> the protected environment:
'require' stores loaded modules in a table in the registry, which is
outside of any sandbox. Also it does not propagate the environment of
its caller to the loaded code.
Sandboxing require is difficult even conceptually, since require might
load C code dynamically, which of course can bypass any sandboxing. If
you need to prevent that, then you need to ensure that neither 'require'
nor the package.* library is accessible from within your sandbox.
Allowing 'require' in a controlled manner inside a sandbox takes quite a
lot of work since you essentially have to provide a whole new
implementation. As an example of the kind of work needed, here is how I
handled it in pllua, see:
https://github.com/pllua/pllua/blob/master/src/trusted.c (code)
https://pllua.github.io/pllua/#S2.8 (docs, including many caveats)
--
Andrew.
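As an added illustration of the two points made above (the real `require` caches in the registry and does not pass on the caller's environment), here is a small sandbox-local `require` that keeps its own cache and loads module code with the sandbox's env. This is example code written for this thread, not pllua's trusted.c; it assumes Lua 5.2 or later (`load` with an env argument), and the module "sources" are constructed strings standing in for files.

```lua
-- Added example (not from the thread): a sandbox-local 'require' that never
-- touches package.loaded and runs module code with the sandbox env.
-- Assumes Lua 5.2+; MODULE_SOURCES is a constructed stand-in for files.
local MODULE_SOURCES = {
  greeter = [[
    local M = {}
    function M.hello(name) return "hello " .. name end
    -- A global assignment: under the real require this lands in _G;
    -- here it lands in the sandbox env instead.
    LEAKED = true
    return M
  ]],
}

-- Build a sandbox environment exposing only a chosen set of functions
-- and a 'require' that consults an allow-list.
local function make_sandbox(allowed_modules)
  local env = { print = print, pcall = pcall, tostring = tostring }
  local loaded = {}  -- sandbox-local stand-in for package.loaded
  env.require = function(name)
    if loaded[name] ~= nil then return loaded[name] end
    if not allowed_modules[name] then
      error("module '" .. name .. "' is not permitted in the sandbox", 2)
    end
    local src = MODULE_SOURCES[name]
    if not src then error("module '" .. name .. "' not found", 2) end
    -- mode "t": refuse precompiled chunks; env: the module runs inside the
    -- sandbox, so its globals stay in env and it cannot reach _G.
    local chunk, err = load(src, "=" .. name, "t", env)
    if not chunk then error(err, 2) end
    local result = chunk(name)
    if result == nil then result = true end
    loaded[name] = result
    return result
  end
  return env
end

local env = make_sandbox({ greeter = true })
local user_code = [[
  local g = require("greeter")
  local ok, err = pcall(require, "os")
  return g.hello("sandbox"), ok, err, LEAKED
]]
local run = assert(load(user_code, "=user", "t", env))
local msg, ok, err, leaked = run()
print(msg, ok, err)                 -- hello sandbox, false, "...not permitted..."
print(leaked, rawget(_G, "LEAKED"), package.loaded.greeter)  -- true nil nil
```

This only covers modules written in Lua; as the reply notes, a module that loads C code dynamically is outside anything an environment table can constrain, so such loaders must simply not be reachable from the sandbox.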