Page 1 of 1

Sandboxing Lua Code

PostPosted: Wed Feb 27, 2019 23:31
by v-rob
So, Mesecons has the luacontroller which can run Lua code, but it has protections against things like infinite loops/recursion, memory usage, io/os function calls, and program execution time. How does it protect against these, and how could I do the same thing?

Essentially, I want to have user-inputted Lua code that is sandboxed against malicious code as to not crash servers.

Re: Sandboxing Lua Code

PostPosted: Thu Feb 28, 2019 11:19
by wziard
Use the source, luke!

https://github.com/minetest-mods/meseco ... r/init.lua

I'm not yet really fluent enough in lua to understand everything that's going on there so I can't really tell you how I think it works, because I might be wrong. But if you want to use it you'll have to learn how it works yourself anyway. Slog through that init.lua , looking up everything you don't understand. Then you know how it works. Then you can use it.

Re: Sandboxing Lua Code

PostPosted: Thu Feb 28, 2019 18:08
by ShadMOrdre
wziard, this is classic advise.
Use the source, luke!


v-rob,

Other examples to look at are Micus' micupack mod, and the Digilines mods.

micupack, IIRC, has a sandboxed Lua controller. The varous Digilines mods also have interaction with the mesecons controller, and include their own brand of controller.

As wziard said, lots of code reading.....and May the Source be with you!

Re: Sandboxing Lua Code

PostPosted: Sat May 11, 2019 12:39
by Exilyth
The lua users wiki is not minetest specific, but has an article on sandboxing which may help:
http://lua-users.org/wiki/SandBoxes

But tbh you're probably better off learning from other mods doing sandboxing.