How can I create a secure Lua sandbox?

by

You can set the function environment that you run the untrusted code in via setfenv(). Here’s an outline:

local env = {ipairs}
setfenv(user_script, env)
pcall(user_script)

The user_script function can only access what is in its environment. So you can then explicitly add in the functions that you want the untrusted code to have access to (whitelist). In this case the user script only has access to ipairs but nothing else (dofile, loadfile, etc).

See Lua Sandboxes for an example and more information on lua sandboxing.

More Related Contents:

  1. How do you copy a Lua table by value?
  2. Why does Lua’s length (#) operator return unexpected values?
  3. How to get number of entries in a Lua table?
  4. Safely remove items from an array table while iterating
  5. Print all local variables accessible to the current scope in Lua
  6. How to get list of directories in Lua
  7. ESP8266 NodeMCU Running Out of Heap Memory
  8. How do I run an executable using Lua?
  9. How to dump a table to console?
  10. How do I de-obfuscate a Lua script?
  11. Lua find a key from a value
  12. Get back the output of os.execute in Lua
  13. “main” function in Lua?
  14. Easiest way to make lua script wait/pause/sleep/block for a few seconds?
  15. What does LUA acronym stand for?
  16. Returning the index of a value in a Lua table
  17. Is it possible to sandbox JavaScript running in the browser?
  18. Sandbox against malicious code in a Java application
  19. Access window variable from Content Script [duplicate]
  20. Associatively sorting a table by value in Lua
  21. How to merge two tables overwriting the elements which are in both?
  22. Call a function by an external application without opening a new instance of Matlab
  23. Lua math.random not working
  24. Instagram API doesn’t find any liked posts for sandbox users
  25. Casting between void * and a pointer to member function
  26. UIImage Saving image with file name on the iPhone
  27. Sort a Table[] in Lua
  28. Please login to use the PayPal sandbox feature
  29. Python, safe, sandbox [duplicate]
  30. Looking for a practical approach to sandboxing .NET plugins

Leave a Comment