I don't see why scripts would be denied access to the file system. The trick is to make sure that there is a proper mechanism for pre-emption. This can be accomplished by removing or modifying the traditional file access API in Lua so that it respects a set of rules. For example, Lua should never be allowed outside its container (or above a certain directory in the path).danuker wrote:I'm on Linux. Linux rules.
[Though it might also be vulnerable.]
Running Spring under a different set of credentials isn't necessarily an ideal workaround since your introducing additional complexity for the end user.
