How can I limit lua possibilities (calling OS functions, modules, etc.)

Question

I am using Lua as a script language inside my C application.

It suits me well, but I can't understand how can I limit Lua not to call system functions, include other modules, etc.

I want Lua to be able to call only functions that are allowed by me, because user can do all kind of bad things with full Lua + Lua modules power.

possible duplicate of [How can I create a secure Lua sandbox?](http://stackoverflow.com/questions/1224708/how-can-i-create-a-secure-lua-sandbox) — Judge Maygarden, Sep 02 '10 at 15:48

score 6 · Accepted Answer · edited May 23 '17 at 12:19

6

Take a look at the Simple Sandbox on the Lua-users wiki: http://lua-users.org/wiki/SandBoxes

Related SO discussions:

edited May 23 '17 at 12:19

Community

answered Sep 02 '10 at 15:21

Corbin March

score 2 · Answer 2 · answered Sep 02 '10 at 17:47

2

Sandbox is the term you're looking for. In a nutshell, only export to Lua the functions you want the users to call. It's that simple, really.

answered Sep 02 '10 at 17:47

lhf

score 0 · Answer 3 · edited May 23 '17 at 12:12

0

You can accomplish this by not loading the os or package modules. Rather than using luaL_openlibs, see this post.

edited May 23 '17 at 12:12

Community

answered Mar 02 '13 at 18:48

Jonathan Zrake

3 Answers3