Recreating setfenv() in Lua 5.2
How can I recreate the functionality of setfenv in Lua 5.2? I\'m having some trouble understanding exactly how you are supposed to use the new _ENV
-
To recreate
setfenv/getfenvin Lua 5.2 you can do the following:if not setfenv then -- Lua 5.2 -- based on http://lua-users.org/lists/lua-l/2010-06/msg00314.html -- this assumes f is a function local function findenv(f) local level = 1 repeat local name, value = debug.getupvalue(f, level) if name == '_ENV' then return level, value end level = level + 1 until name == nil return nil end getfenv = function (f) return(select(2, findenv(f)) or _G) end setfenv = function (f, t) local level = findenv(f) if level then debug.setupvalue(f, level, t) end return f end endRPFeltz's answer (
load(string.dump(f)...)) is a clever one and may work for you, but it doesn't deal with functions that have upvalues (other than _ENV).There is also compat-env module that implements Lua 5.1 functions in Lua 5.2 and vice versa.
讨论(0) -
In Lua5.2 a sandboxeable function needs to specify that itself. One simple pattern you can use is have it receive
_ENVas an argumentfunction(_ENV) ... endOr wrap it inside something that defines the env
local mk_func(_ENV) return function() ... end end local f = mk_func({print = print})However, this explicit use of
_ENVis less useful for sandboxing, since you can't always assume the other function will cooperate by having an_ENVvariable. In that case, it depends on what you do. If you just want to load code from some other file then functions such asloadandloadfileusually receive an optional environment parameter that you can use for sandboxing. Additionally, if the code you are trying to load is in string format you can use string manipulation to add_ENVvariables yourself (say, by wrapping a function with an env parameter around it)local code = 'return function(_ENV) return ' .. their_code .. 'end'Finally, if you really need dynamic function environment manipulation, you can use the debug library to change the function's internal upvalue for
_ENV. While using the debug library is not usually encouraged, I think it is acceptable if all the other alternatives didn't apply (I feel that in this case changing the function's environment is deep voodoo magic already so using the debug library is not much worse)讨论(0) -
It's a bit expensive, but if it's that important to you...
Why not use string.dump, and re-load the function into the right environment?
function setfenv(f, env) return load(string.dump(f), nil, nil, env) end function foo() herp(derp) end setfenv(foo, {herp = print, derp = "Hello, world!"})()讨论(0) -
You cannot change the environment of a function without using the debug library from Lua in Lua 5.2. Once a function has been created, that is the environment it has. The only way to modify this environment is by modifying its first upvalue, which requires the debug library.
The general idea with environments in Lua 5.2 is that the environment should be considered immutable outside of trickery (ie: the debug library). You create a function in an environment; once created there, that's the environment it has. Forever.
This is how environments were often used in Lua 5.1, but it was easy and sanctioned to modify the environment of anything with a casual function call. And if your Lua interpreter removed
setfenv(to prevent users from breaking the sandbox), then the user code can't set the environment for their own functions internally. So the outside world gets a sandbox, but the inside world can't have a sandbox within the sandbox.The Lua 5.2 mechanism makes it harder to modify the environment post function-creation, but it does allow you to set the environment during creation. Which lets you sandbox inside the sandbox.
So what you really want is to just rearrange your code like this:
local foo; do local _ENV = { print = print } function foo() print('env', _ENV) bar = 1 end endfoois now sandboxed. And now, it's much harder for someone to break the sandbox.As you can imagine, this has caused some contention among Lua developers.
讨论(0)
加载中...
- 热议问题