Is lua secure?

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Is lua secure?

Alexey Zaytsev
Hello.

Is it a good idea to write suid programms using lua? Is there any
guide to write secure programms in lua? I'm designing a system
configuration framework, which is intended to run
suid, and having a notion of "virtual" user currently working with the
system,  allowing or denying his actions. The system is on an early
design stage, so if it is hard to
make lua programms secure, I'll choose an other way to provide rights
separation.
Reply | Threaded
Open this post in threaded view
|

Re: Is lua secure?

Luiz Henrique de Figueiredo
> Is it a good idea to write suid programms using lua?

suid programms are always sutble when it comes to security.

> if it is hard to make lua programms secure

Pure Lua is secure; you cannot crash the host app from Lua.
Of course, pure Lua does not get you much; you need libraries.
Lua with libraries is as secure as the functions exported from the libraries.
--lhf