Lua sandbox in Rust

jbe · November 13, 2021, 8:44pm

I would like to run Lua scripts in a sandbox from Rust. I am generally aware of certain risks/caveats regarding Lua sandboxing, such as

binary chunks crashing the interpreter,
modifying metatables of Strings or other built-in types to break out of sandboxes,
malicious code consuming huge amounts of memory or execution time,
problems with memory leaks and longjmps, etc.

That said, I wonder if I should just write my own wrapper for the Lua C API or use one of the existing crates. If I use an existing crate, I'd likely want one that provides a safe interface. I've seen several crates around:

rlua
mlua (apparently fork of rlua)
rust-lua53 (not on crates.io)
mond (only one release, apparently forked 4 years ago from rust-lua53)
…

Does anyone have experience with Lua embedding in Rust or with any of these crates? Any recommendations you can give?

jbe · December 8, 2021, 10:01am

I decided (for now) to write a crate on my own. If you're interested in some of the problems I'm facing, see this post where I explain some of the tricky parts regarding Lua and sandboxing.

system · March 8, 2022, 10:01am

This topic was automatically closed 90 days after the last reply. We invite you to open a new topic if you have further questions or comments.

Topic		Replies	Views
Embed lua within rust help	3	2261	January 31, 2023
What is the current state of Lua integration with Rust? help	2	2541	January 12, 2023
Zoea - a crate to help baby Rustaceans get onboard community	8	1005	August 18, 2020
Script language for rust like C++ has got Lua?	11	15447	July 3, 2022
Interpreted scripting languages created in Rust (with some doubts about the Ion Shell) community	12	1152	October 30, 2022

Lua sandbox in Rust

Related Topics