lua-sandbox icon indicating copy to clipboard operation
lua-sandbox copied to clipboard
verified publisher icon kikito

Improving the quota enforcer

Open UltimateEvil opened this issue 3 years ago • 0 comments

Currently the quota enforcer does not protect agains malicious scripts using pcall. This ensures an error is repeatedly called untill the stack returns to the sandbox.protect method.

A proof of concept script: dofile('sandbox.lua').run([==[while true do pcall(function() while true do end end) end ]==], {quota=100})

UltimateEvil avatar Apr 25 '22 15:04 UltimateEvil