[Dev-luatex] security

Taco Hoekwater taco at elvenkind.com
Mon Dec 4 17:35:30 CET 2006


Hi all,

I have just implemented the beginnings of a --safer switch.

For the moment, the switch does not really do much.
It only disables access to some Lua functions:

   os.*
   io.popen
   lfs.*

This is at the same time too much and not enough, so I welcome
any opinions on what should be allowed under --safer and what
should be forbidden.

My guess is that I should also disallow at least:

	io.open(,"w")
	io.output()

but

	os.time
	os.date
	os.clock
	os.getenv

are probably ok.

Greetings, Taco


More information about the dev-luatex mailing list