> -----Original Message----- > From: Hisham [mailto:[email protected]] > Sent: dinsdag 9 juni 2015 21:59 > To: LuaRocks developers list > Subject: Re: [Luarocks-developers] Use an environment variable inside the > config-5.1.lua > > On 9 June 2015 at 16:07, Thijs Schreijer <[email protected]> wrote: > > The config files are being read/executed in a sandbox. Hence the failure > to access the `os` table. > > > > I do see the usecase for `os.getenv`, but I'm no sandbox expert, so I'm > hesitating because I don't know what malicious things one could do with this > function exposed. > > > > Anyone else maybe? > > Well, it is a readonly function accessing things that come from the > user environment, so I suppose exposing it to the config loader > wouldn't cause surprises. > > (This does not apply to the rockspec loader, because it would make > rockspecs too fragile — it's better to have them interact with the > "outside world" through external_dependencies only, which keeps > well-defined boundaries and produces proper error messages.) > > We could add getenv support in the next release (as usual, patches are > welcome). >
Are there any other obvious candidates to expose to the config file loader? Better add them immediately... Thijs ------------------------------------------------------------------------------ _______________________________________________ Luarocks-developers mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/luarocks-developers
