Is there anyway to avoid this security issue in Lua?

Question

I was just working on a localizable Lua string solution, when I came up with this hack, problem is I don\'t know how to avoid getting hacked by it :) So I was wondering if a

Answer 1

I don't see the possibility to redefine upper as the problem. Being able to see os.exit is the problem.

As suggested by others, make a sandboxed environment for your scripts. Each script can get a new one; then a person can redefine upper or anything like that, and all they'll screw up is their own thing.

Creating Lua states is so fast and easy, this won't cause any problems.

Another thing you might beware of is eternal loops. Making a 'watchdog' that kills a script after, say, 10000 instructions takes about 10 lines of C code. I can send you sample if you need.