I would like to run Lua scripts in a sandbox from Rust. I am generally aware of certain risks/caveats regarding Lua sandboxing, such as
- binary chunks crashing the interpreter,
- modifying metatables of Strings or other built-in types to break out of sandboxes,
- malicious code consuming huge amounts of memory or execution time,
- problems with memory leaks and
longjmp
s, etc.
That said, I wonder if I should just write my own wrapper for the Lua C API or use one of the existing crates. If I use an existing crate, I'd likely want one that provides a safe interface. I've seen several crates around:
rlua
-
mlua
(apparently fork ofrlua
) -
rust-lua53
(not on crates.io) -
mond
(only one release, apparently forked 4 years ago fromrust-lua53
) - …
Does anyone have experience with Lua embedding in Rust or with any of these crates? Any recommendations you can give?