WingNews logo WingNews
top | item 40836753

(no title)

grashalm | 1 year ago

Any language can be sandboxed on the VM level. It's a property of it's implementation. So you can say that Lua has no sandbox friendly implementation right now.

For example, termination you can solve by unwinding the stack in efficiently polled safepoints. You need to take down the entire sandbox-capable Lua VM instance but you can.

discuss

order

le-mark|1 year ago

Lua has debug hooks that can be used for the purpose; for example an instruction counter coupled with a pool allocator should get one quite far. I would never trust third party bytecode, only source code.

Is anyone familiar with Roblox luau security features?

Ono-Sendai|1 year ago

Luau can be sandboxed, and scripts limited in cpu and memory usage.