Sandbox (for) Untrusted Procedure Partitioning (in) Lua Engine - Supple
=======================================================================

Supple is a tool for sandboxing untrusted code and providing security
partitioning.  It deliberately operates by first forking a subprocess that is
strictly limited in what it can do.  For example, only whitelisted Lua modules
may be loaded, and they are all loaded *before* any untrusted code is run.  The
developer integrating Supple into their project is responsible for ensuring
that no module loaded into the subprocess can be used to break out of the
sandbox.

In order to reduce the chance of anything breaking the sandbox, Supple always
presents remote objects as userdata and forces all calls between the two ends
of the sandbox connection to travel over a file descriptor.  This means that,
for example, a method can be called with callback functions as arguments, and
those callbacks can call back and forth across the connection, subject only to
a strict nesting requirement.
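The following is an added illustration of the "whitelist first, then run the
untrusted code" rule described above.  It is not Supple's own code or API: it is
plain Lua (5.3/5.4) showing the principle inside a single process, whereas
Supple additionally forks a restricted subprocess and talks to it over a file
descriptor.  The `helpers` module and the `build_sandbox_env`/`run_untrusted`
names are assumptions made for this example.

```lua
-- Step 1: build the whitelist BEFORE any untrusted code exists.  Only these
-- names are visible to the sandboxed chunk; 'require', 'os', 'io', 'load',
-- 'dofile' and 'debug' are deliberately absent, so there is no way to pull in
-- a module on demand later.
local function build_sandbox_env()
  local env = {
    pairs = pairs, ipairs = ipairs, tostring = tostring, tonumber = tonumber,
    type = type, pcall = pcall, error = error, select = select,
    string = { format = string.format, sub = string.sub, len = string.len,
               rep = string.rep, upper = string.upper, lower = string.lower },
    math = { floor = math.floor, max = math.max, min = math.min, abs = math.abs },
    table = { insert = table.insert, concat = table.concat, sort = table.sort },
  }
  -- The only "module" the untrusted code may use is loaded now, by trusted
  -- code, not on request.  (Hypothetical helper for this example.)
  env.helpers = {
    clamp = function(x, lo, hi) return math.max(lo, math.min(hi, x)) end,
  }
  return env
end

-- Step 2: run an untrusted chunk.  Mode "t" rejects precompiled bytecode
-- (malformed bytecode is a classic way out of a Lua sandbox); the env table is
-- the chunk's entire world, so anything not whitelisted resolves to nil.
local function run_untrusted(source, env)
  local chunk, err = load(source, "=untrusted", "t", env)
  if not chunk then return false, "compile error: " .. err end
  return pcall(chunk)
end

local env = build_sandbox_env()

-- Benign code succeeds using only whitelisted names.
print(run_untrusted("return helpers.clamp(42, 0, 10)", env))

-- Reaching outside the whitelist fails: 'os' and 'require' are nil here.
print(run_untrusted("return os.getenv('HOME')", env))
print(run_untrusted("return require('socket')", env))
```

Caveat: the string metatable still exposes the full `string` library through
method syntax (e.g. `("x"):rep(3)`), so a whitelist of globals alone is not a
complete sandbox; that is one reason Supple isolates untrusted code in a
separate process rather than relying on environment tables.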

For examples of using Supple, please see the examples/ directory.