[Dev-luatex] security
Hans Hagen
pragma at wxs.nl
Mon Dec 4 17:49:00 CET 2006
Taco Hoekwater wrote:
> Hi all,
>
> I have just implemented the beginnings of a --safer switch.
>
> For the moment, the switch does not really do much.
> It only disables access to some Lua functions:
>
> os.*
> io.popen
> lfs.*
>
> This is at the same time too much and not enough, so I welcome
> any opinions on what should be allowed under --safer and what
> should be forbidden.
>
> My guess is that I should also disallow at least:
>
> io.open(,"w")
> io.output()
>
> but
>
> os.time
> os.date
> os.clock
> os.getenv
>
lfs.dir is also ok
> are probably ok.
>
> Greetings, Taco
> _______________________________________________
> dev-luatex mailing list
> dev-luatex at ntg.nl
> http://www.ntg.nl/mailman/listinfo/dev-luatex
>
--
-----------------------------------------------------------------
Hans Hagen | PRAGMA ADE
Ridderstraat 27 | 8061 GH Hasselt | The Netherlands
tel: 038 477 53 69 | fax: 038 477 53 74 | www.pragma-ade.com
| www.pragma-pod.nl
-----------------------------------------------------------------
More information about the dev-luatex
mailing list