[Lumiera] [Sputnik-list] Asciidoc ?
Christian Thaeter
ct at pipapo.org
Thu Sep 17 17:49:57 CEST 2009
Jean-Marc Liotier wrote:
> Christian Thaeter wrote:
>>> after searching the web I have not yet found anything in Lua that
>>> processes AsciiDoc - apart from calling os.execute(asciidoc) which
>>> is of course an horrible solution for anything exposed to
>>> uncontrolled inputs...
>>
>> I've forgotten to say, we making a decent security model to make this
>> secure, the wiki itself will run in a chroot environment, the
>> metadata database is outside and access checks are run before any
>> user code/asciidoc gets executed.
>>
>> I written a 'ulua', thats a standalone lua interpreter like the
>> normal 'lua' but does chrooting and suexecing for lua scripts. This
>> might be of interest for anyone else who uses lua on a webserver. The
>> source is within the uwiki git repo.
>
> That could definitely solve our problem. I'll definitely follow your
> work on that subject.
>
> Would that be OS specific ? As a Linux user I don't mind much, but I'm
> just curious.
chrooting and suexecig in this way is unix specific (not only linux, but
unix/posix). I dont know any similar thing to chrooting on windows, but
i know there is some way to switch a user while i have absolutely no
clue how thats to be done ([x] send patches).
I implemented and tested it on Linux, there is also a note that its is
only tested there. I see no problem to port this to other unixes, just
try and be careful that it really works. If anything needs to be fixed
for that please send me patches.
uWiki will be released under the AGPL3, while the ulua as exception
follows lua's license to be completely compatible with it.
Christian
More information about the Lumiera
mailing list