Hi all, I have just implemented the beginnings of a --safer switch. For the moment, the switch does not really do much. It only disables access to some Lua functions: os.* io.popen lfs.* This is at the same time too much and not enough, so I welcome any opinions on what should be allowed under --safer and what should be forbidden. My guess is that I should also disallow at least: io.open(,"w") io.output() but os.time os.date os.clock os.getenv are probably ok. Greetings, Taco
Taco Hoekwater wrote:
Hi all,
I have just implemented the beginnings of a --safer switch.
For the moment, the switch does not really do much. It only disables access to some Lua functions:
os.* io.popen lfs.*
This is at the same time too much and not enough, so I welcome any opinions on what should be allowed under --safer and what should be forbidden.
My guess is that I should also disallow at least:
io.open(,"w") io.output()
but
os.time os.date os.clock os.getenv
lfs.dir is also ok
are probably ok.
Greetings, Taco _______________________________________________ dev-luatex mailing list dev-luatex@ntg.nl http://www.ntg.nl/mailman/listinfo/dev-luatex
-- ----------------------------------------------------------------- Hans Hagen | PRAGMA ADE Ridderstraat 27 | 8061 GH Hasselt | The Netherlands tel: 038 477 53 69 | fax: 038 477 53 74 | www.pragma-ade.com | www.pragma-pod.nl -----------------------------------------------------------------
participants (2)
-
Hans Hagen -
Taco Hoekwater