Blacklisted Modules
Examples of functions that are blacklisted
-- loadfile
func = assert (loadfile ("malicious.exe"))
func () -- execute function nloadfile can be useful to load other lua files, but can also load executable files, as well as just other malicious lua files
All blacklisted modules/functions
os
io
file
dofile
loadfile
Reasons
os
os.execute - call external programs os.quit - close program os.remove - modify system files
dofile
may read arbitrary files on the file system, can also read standard input
loadfile
load external programs, also can load bytecode rather than lua code
Last updated
Was this helpful?