Re: [ANN] Simple Luajit Sandbox

• From: Elias Hogstvedt <eliashogstvedt@xxxxxxxxx>
• To: luajit@xxxxxxxxxxxxx
• Date: Wed, 17 Dec 2014 16:34:51 +0100

Doing it from the host is the proper way.

I've tried doing it from pure Lua and I've seen others try as well but it's
just very hacky and slow if you want to do it properly.

The reason I and many others from the same or similar game modding
communities where the game can be extended with Lua have been wanting to
use something like this to for instance let players/clients run safe code
on a game server and similar things. In the community I was in the owner of
the game never bothered to add a proper way to do it so people end up doing
it from pure Lua. I have a feeling other communities have similar stories.

On Wed, Dec 17, 2014 at 4:18 PM, Hendrik Polczynski <
hendrikpolczyn@xxxxxxxxx> wrote:
>
> Why not spawn a new lua state inside a OS-thread and then you can monitor
> the thread and
> terminate it externally if it is abnormal.
>
> Only problem would be limiting the number of spawned threads and cleaning
> up memory
> after termination of the thread.
>
> I think though to have read that the close of the lua state can be called
> in any condition of the
> state (even after errors or panics), so it should clean up the memory. (at
> least when using normal Lua)
>
> 2014-12-17 16:09 GMT+01:00 steve donovan <steve.j.donovan@xxxxxxxxx>:
>>
>> On Wed, Dec 17, 2014 at 5:03 PM, Meae Flowright <scratchnloved@xxxxxxxxx>
>> wrote:
>> > By not passing default string operators, most of which aren't safe, to
>> the
>> > environment. The sandbox overloads the string type metatable with the
>> > environment's string table if provided, otherwise it uses an empty
>> table.
>>
>> That's the sensible thing to do (e.g Penlight's pretty.load has a
>> paranoid option)
>>
>> Roberto pointed out that one can still cause mayhem with simple string
>> concatenation:
>> L = "lol"
>> L = L..L..L..L..L..L..L
>> L = L..L..L..L..L..L..L
>> L = L..L..L..L..L..L..L
>> ....
>>
>> What kinds of space/time contraints can you impose on the running scripts?
>>
>>

• References:
  • [ANN] Simple Luajit Sandbox
    • From: Meae Flowright
  • Re: [ANN] Simple Luajit Sandbox
    • From: Elias Hogstvedt
  • Re: [ANN] Simple Luajit Sandbox
    • From: Meae Flowright
  • Re: [ANN] Simple Luajit Sandbox
    • From: steve donovan
  • Re: [ANN] Simple Luajit Sandbox
    • From: Hendrik Polczynski

Other related posts:

• » Re: [ANN] Simple Luajit Sandbox- Elias Hogstvedt
• » Re: [ANN] Simple Luajit Sandbox- Elias Hogstvedt
• » Re: [ANN] Simple Luajit Sandbox- Meae Flowright
• » Re: [ANN] Simple Luajit Sandbox- steve donovan
• » Re: [ANN] Simple Luajit Sandbox- Meae Flowright
• » Re: [ANN] Simple Luajit Sandbox- Hendrik Polczynski
• » Re: [ANN] Simple Luajit Sandbox - Elias Hogstvedt

1. Home
2. luajit
3. Archive
4. 12-2014

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---