[security question] Can gopher-lua ensure a secure sandbox environment? #474
Closed
XiShanYongYe-Chang
started this conversation in
General
Replies: 2 comments
-
|
Hi @yuin , can you help take a look? |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
This issue has already been discussed in #27, just close this discussion. Thanks~ |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
This is a discussion about security issues, and I am not sure if using gopher-lua will introduce any security problems.
We provide a feature to run a go program in a Docker container, and the go program uses the gopher-lua library to execute user-defined Lua scripts. Since Lua scripts are completely customized by users, assuming that a user is a hacker, can they attack the environment in which the Docker container is running by writing Lua scripts?
Specifically, can users use the
dofilefunction to freely read files in the system?Beta Was this translation helpful? Give feedback.
All reactions