Hmm, there is likely some merit to that approach. I'll have to consider
In my opinion, you should go ahead and write that logic in Lua, inject
the Lua code into the environment from the host environment (so you
can treat it as part of the binding API and not part of the script)
and then lock down the metatable so that user code can't mess with it.
Likewise, you can wrap FFI calls in Lua functions, keeping the FFI
namespace as an upvalue and removing the ffi object from the global
environment so that user code can't use that, either.
There are, of course, limits to sandboxing, but it's not generally
very hard to block the obvious routes.
/s/ Adam