tech-userlevel archive


Re: proplib and the jet age

On Fri, Jan 04, 2013 at 11:42:33PM +0000, Christos Zoulas wrote:
 > > >    I somewhat recently migrated one of my own projects to use lua
 > > > scripts as configuration files rather than a custom "key=value"-pair
 > > > type configuration.
 > > > [...]
 > >
 > >Obviously you do what you need to do (for whatever reasons)... but do
 > >keep in mind that in general, using Turing-complete languages for
 > >configuration is a bad thing.
 > If the sandbox excludes all function calls, it is ok, no?

Depending on what you mean by "ok".

It may be "safe" in the sense that bundles that allege to be
configuration cannot execute rm -rf /, and even "safe" in the sense
that they can't begin executing an infinite loop.

It is not "safe" in the sense that the space of possible
configurations is kept to the minimum necessary; it is also not "safe"
in the sense that the correspondence between configuration text and
resulting program behavior is kept comprehensible.

It is these latter properties that are important in the long run.

David A. Holland
