I'm designing a simple sandbox to allow users to run small Lua scripts and, being a bit paranoid, I'm not satisfied with just putting it in a restricted Docker container. I wonder: if I set os and io to nil before running the script (i.e. adding these as the first two lines), will it completely prevent the user from gaining access to those standard libraries? Are there any unwanted side effects? (Suppose users just need to solve some basic programming exercise, like finding the n-th prime, etc.)
os = nil
io = nil
If you only set a "pointer" to nil this will still be possible...
package.loaded.os.execute('echo "That seems unwanted"')
or this
require("os").execute('echo "That too"')
In Lua all unwanted references (especially in package.loaded) should be set to nil and then it is ready for: collectgarbage()
Even if you think 'Then I set package to nil'
require("os").execute('echo "Oups - Didnt mentioned that"')
will work
Side Effects
It depends.
A well-documented sandbox should work fine.
A good start is: Not actively developed
demo
On: Luiz Henrique de Figueiredo: Libraries and tools for Lua
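An allowlist alternative to setting individual globals to nil, as an added example that is not part of the original answer: the script is loaded into an environment that contains only the functions an exercise needs, so the `require` and `package.loaded` routes shown above have nothing to start from. It assumes Lua 5.2 or newer; `make_env` and `run_untrusted` are hypothetical names.

```lua
-- Added example, not from the original post. Assumes Lua 5.2 or newer,
-- where load() takes a mode and an environment table.

-- Allowlist: the only globals the untrusted chunk can see. There is no os,
-- io, package, require, debug, load, dofile or _G to reach around.
-- Library tables are copied so the script cannot modify the host's own.
local function make_env()
  return {
    ipairs = ipairs, pairs = pairs, select = select, type = type,
    tonumber = tonumber, tostring = tostring, pcall = pcall, error = error,
    math = { floor = math.floor, sqrt = math.sqrt, max = math.max,
             min = math.min, abs = math.abs, huge = math.huge },
    string = { sub = string.sub, len = string.len, format = string.format },
    table = { insert = table.insert, remove = table.remove,
              concat = table.concat, sort = table.sort },
  }
end

-- run_untrusted is a hypothetical helper name.
local function run_untrusted(source)
  -- Mode "t" accepts source text only and rejects precompiled bytecode.
  local chunk, err = load(source, "=user", "t", make_env())
  if not chunk then return false, err end
  return pcall(chunk)
end

-- Constructed sample inputs: the routes shown in the answer now fail,
-- because the names they start from do not exist in the environment.
assert(not run_untrusted("return require('os')"))
assert(not run_untrusted("return package.loaded.os"))
assert(not run_untrusted("return os.execute"))
assert(not run_untrusted(string.dump(function() return 1 end)))

-- A normal exercise still runs: the 10th prime.
local ok, result = run_untrusted([[
  local n, count, cand = 10, 0, 1
  while count < n do
    cand = cand + 1
    local is_prime = true
    for d = 2, math.floor(math.sqrt(cand)) do
      if cand % d == 0 then is_prime = false break end
    end
    if is_prime then count = count + 1 end
  end
  return cand
]])
assert(ok and result == 29)
print("10th prime:", result)
```

String methods called as `s:method()` still resolve through the shared string metatable, so the full string library stays reachable from the script. This setup also does not bound CPU time or memory, which remain the job of the container.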