Re: [ANN] Simple Luajit Sandbox
- From: Meae Flowright <scratchnloved@xxxxxxxxx>
- To: luajit@xxxxxxxxxxxxx
- Date: Wed, 17 Dec 2014 10:03:26 -0500
By not passing default string operators, most of which aren't safe, to the
environment. The sandbox overloads the string type metatable with the
environment's string table if provided, otherwise it uses an empty table.
For string.rep specifically, perhaps you would use something like:
function env.string.rep(s, n, sep)
local len=#s*n + (sep and #sep or 0)*(n-1)
if len>limit then error 'Resulting string was too long' end
return string.rep(s, n, sep)
end
On Wed, Dec 17, 2014 at 9:51 AM, Elias Hogstvedt <eliashogstvedt@xxxxxxxxx>
wrote:
>
> how would you handle string operations like ("a"):rep(9999999) ?
>
> On Tue, Dec 16, 2014 at 7:19 PM, Meae Flowright <scratchnloved@xxxxxxxxx>
> wrote:
>>
>> https://github.com/Meae/luajit-sandbox
>> I've put together a basic sandbox for luajit to resemble the coroutine
>> library, prioritizing safety and simplicity over efficiency. The accounting
>> isn't perfectly accurate, and environment sharing is intentionally allowed.
>> If anyone sees other problems, particularly holes, please let me know!
>>
>> --Meae
>>
>
Other related posts:
