On Sat, Oct 09, 2010 at 07:34:43PM -0300, Lourival Vieira Neto wrote: > > A signature only tells you whose neck to wring when the script > > misbehaves. :-) Since a Lua script running in the kernel won't be > > able to forge a pointer (right?), or conjure references to methods or > > data that weren't in its environment at the outset, you can run it > > in a highly restricted environment so that many kinds of misbehavior > > are difficult or impossible. Or I would *think* you can restrict the > > environment in that way; I wonder what Lourival thinks about that. > > I wouldn't say better =). That's exactly how I'm thinking about > address this issue: restricting access to each Lua environment. For > example, a script running in packet filtering should have access to a > different set of kernel functions than a script running in process > scheduling.
...so what do you do if the script calls a bunch of kernel functions and then crashes? -- David A. Holland [email protected]
