Re: [ANN] Simple Luajit Sandbox

  • From: steve donovan <steve.j.donovan@xxxxxxxxx>
  • To: luajit@xxxxxxxxxxxxx
  • Date: Wed, 17 Dec 2014 17:09:02 +0200

On Wed, Dec 17, 2014 at 5:03 PM, Meae Flowright <scratchnloved@xxxxxxxxx> wrote:
> By not passing default string operators, most of which aren't safe, to the
> environment. The sandbox overloads the string type metatable with the
> environment's string table if provided, otherwise it uses an empty table.

That's the sensible thing to do (e.g. Penlight's pretty.load has a
paranoid option).

Roberto pointed out that one can still cause mayhem with simple string
concatenation:
L = "lol"
L = L..L..L..L..L..L..L
L = L..L..L..L..L..L..L
L = L..L..L..L..L..L..L
....

What kinds of space/time constraints can you impose on the running scripts?
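
One way to bound both steps and heap growth from inside LuaJIT, shown as an added example that is not part of the original message or of the announced sandbox. The name run_limited and all limit values are assumptions; it also assumes the environment exposes no pcall/xpcall and that string methods are withheld as described in the quoted text.

```lua
-- Added example, not from the thread. Limits below are constructed values.
local STEP_LIMIT   = 1e6        -- VM instructions allowed per run
local MEM_LIMIT_KB = 16 * 1024  -- allowed heap growth, in KB
local CHECK_EVERY  = 1          -- hook interval: larger is faster, but more
                                -- allocation can happen between two checks

-- run_limited is a hypothetical helper name. It assumes env exposes no
-- pcall/xpcall (a script could catch the abort and keep going) and that
-- string methods are already withheld, as in the quoted message.
local function run_limited(src, env)
  local chunk, err = loadstring(src, "=sandbox")
  if not chunk then return false, err end
  setfenv(chunk, env or {})
  -- LuaJIT does not call hooks from JIT-compiled code: keep it interpreted.
  if jit then jit.off(chunk, true) end

  local steps, base = 0, collectgarbage("count")
  local function abort(msg)
    debug.sethook()             -- disarm first so the caller is not hooked
    error(msg, 0)
  end
  local function hook()
    steps = steps + CHECK_EVERY
    if steps > STEP_LIMIT then abort("step limit exceeded") end
    if collectgarbage("count") - base > MEM_LIMIT_KB then
      abort("memory limit exceeded")
    end
  end

  -- Outer pcall catches a limit that trips after the inner pcall returns.
  local ok, res = pcall(function()
    debug.sethook(hook, "", CHECK_EVERY)
    local ok2, r = pcall(chunk)
    debug.sethook()             -- remove the hook on every exit path
    if not ok2 then error(r, 0) end
    return r
  end)
  collectgarbage()              -- reclaim what the script left behind
  return ok, res
end

-- Constructed inputs: the concatenation growth from the message, and a spin loop.
local bomb = 'L = "lol"  for i = 1, 40 do L = L..L..L..L..L..L..L end'
local spin = 'while true do end'
print(run_limited(bomb, {}))
print(run_limited(spin, {}))
```

The hook only runs between VM instructions, so a single concatenation can still overshoot the memory limit by its own result size before the next check. A hard cap needs an allocator-level or OS-level limit on the process.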
