[cap-talk] Lua, Javascript, and the Object Capability Model
Matej Kosik
kosik at fiit.stuba.sk
Sat Jul 25 07:41:23 EDT 2009
James Graves wrote:
> Hi Folks,
>
> I had mentioned to Mark Miller that I'd been investigating Lua
> recently. And he asked me how it compared to Javascript. As a reply to
> that, and to discuss Lua and the object-capability model, I thought I'd
> blog about it:
>
>
> Lua, Javascript, and the Object Capability Model
> <http://partiallyappliedlife.blogspot.com/2009/07/lua-and-object-capability-model.html>
Lua probably supports sandboxing. Untrusted code is started in a context
where dangerous functions are undefined.
Does it also support dynamic changes in the reference graph according to
object-capability security model? I.e. connectivity:
- by initial conditions
- parenthood
- by introduction
- by endowment
?
I guess not but because if you want to call a function in Lua, you
specify (forgeable) name. That name is looked up in appropriate
hash-table. Untrusted subsystems may have different hash-tables. I am
not sure though whether it is possible to realize "connectivity by
introduction" in this system. There are certain useful security policies
that cannot be implemented if this is not possible.
--
Matej
More information about the cap-talk
mailing list