[Dev-luatex] security

Hans Hagen pragma at wxs.nl
Mon Dec 4 17:49:00 CET 2006


Taco Hoekwater wrote:
> Hi all,
>
> I have just implemented the beginnings of a --safer switch.
>
> For the moment, the switch does not really do much.
> It only disables access to some Lua functions:
>
>    os.*
>    io.popen
>    lfs.*
>
> This is at the same time too much and not enough, so I welcome
> any opinions on what should be allowed under --safer and what
> should be forbidden.
>
> My guess is that I should also disallow at least:
>
> 	io.open(,"w")
> 	io.output()
>
> but
>
> 	os.time
> 	os.date
> 	os.clock
> 	os.getenv
>   
lfs.dir is also ok
> are probably ok.
>
> Greetings, Taco
> _______________________________________________
> dev-luatex mailing list
> dev-luatex at ntg.nl
> http://www.ntg.nl/mailman/listinfo/dev-luatex
>   


-- 

-----------------------------------------------------------------
                                          Hans Hagen | PRAGMA ADE
              Ridderstraat 27 | 8061 GH Hasselt | The Netherlands
     tel: 038 477 53 69 | fax: 038 477 53 74 | www.pragma-ade.com
                                             | www.pragma-pod.nl
-----------------------------------------------------------------



More information about the dev-luatex mailing list