[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Monotone-devel] Securing Lua
From: |
Alex Queiroz |
Subject: |
[Monotone-devel] Securing Lua |
Date: |
Mon, 28 Nov 2005 09:19:19 -0300 |
Hallo,
Regarding the concern about some dangerous functions in the Lua
library, it's not necessary to have a custom Lua distribution to
disable them. All one has to do is to set the functions to nil right
after the library initialisation in lua.cc:
luaopen_base(st);
luaopen_io(st);
luaopen_string(st);
luaopen_math(st);
luaopen_table(st);
luaopen_debug(st);
// disabling os.execute
lua_pushstring(st, "os");
lua_gettable(st, LUA_GLOBALSINDEX);
lua_pushstring(st, "execute");
lua_pushnil(st);
lua_settable(st, -3);
lua_pop(st, 1);
And after this the os.execute() function will be garbage collected.
--
-alex
http://www.ventonegro.org/
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Monotone-devel] Securing Lua,
Alex Queiroz <=