diff --git a/doc/extensions.html b/doc/extensions.html
index b36e2855..0fc65330 100644
--- a/doc/extensions.html
+++ b/doc/extensions.html
@@ -326,7 +326,7 @@ the toolchain used to compile LuaJIT:
| Windows/x64 |
-MSVC or WinSDK |
+MSVC |
Full |
diff --git a/doc/faq.html b/doc/faq.html
index 6208882b..65b0d842 100644
--- a/doc/faq.html
+++ b/doc/faq.html
@@ -55,7 +55,7 @@ dd { margin-left: 1.5em; }
-
+
- Q: Where can I learn more about LuaJIT and Lua?
-
@@ -75,7 +75,7 @@ has information about diverse topics.
-
+
- Q: Where can I learn more about the compiler technology used by LuaJIT?
-
I'm planning to write more documentation about the internals of LuaJIT.
@@ -91,7 +91,7 @@ And, you know, reading the source is of course the only way to enlightenment. :-
-
+
- Q: Why do I get this error: "attempt to index global 'arg' (a nil value)"?
Q: My vararg functions fail after switching to LuaJIT!
- LuaJIT is compatible to the Lua 5.1 language standard. It doesn't
@@ -101,7 +101,7 @@ functions from Lua 5.0.
Please convert your code to the
vararg syntax.
-
+
- Q: Why do I get this error: "bad FPU precision"?
- Q: I get weird behavior after initializing Direct3D.
- Q: Some FPU operations crash after I load a Delphi DLL.
@@ -123,7 +123,7 @@ Please check the Delphi docs for the Set8087CW method.
-
+
- Q: Sometimes Ctrl-C fails to stop my Lua program. Why?
- The interrupt signal handler sets a Lua debug hook. But this is
currently ignored by compiled code (this will eventually be fixed). If
@@ -134,7 +134,31 @@ twice to get stop your program. That's similar to when it's stuck
running inside a C function under the Lua interpreter.
-
+
+- Q: Can Lua code be safely sandboxed?
+-
+Maybe for an extremly restricted subset of Lua and if you relentlessly
+scrutinize every single interface function you offer to the untrusted code.
+
+Although Lua provides some sandboxing functionality (setfenv(), hooks),
+it's very hard to get this right even for the Lua core libraries. Of course,
+you'll need to inspect any extension library, too. And there are libraries
+that are inherently unsafe, e.g. the FFI library.
+
+Relatedly, loading untrusted bytecode is not safe! It's trivial
+to crash the Lua or LuaJIT VM with maliciously crafted bytecode. This is
+well known and there's no bytecode verification on purpose, so please
+don't report a bug about it. Check the mode parameter for the
+load*() functions to disable loading of bytecode.
+
+In general, the only promising approach is to sandbox Lua code at the
+process level and not the VM level.
+
+More reading material at the » Lua Wiki and Wikipedia.
+
+
+
+
- Q: Why doesn't my favorite power-patch for Lua apply against LuaJIT?
- Because it's a completely redesigned VM and has very little code
in common with Lua anymore. Also, if the patch introduces changes to
@@ -145,7 +169,7 @@ can use source transformations or use wrapper or proxy functions.
The compiler will happily optimize away such indirections.
-
+
- Q: Lua runs everywhere. Why doesn't LuaJIT support my CPU?
- Because it's a compiler — it needs to generate native
machine code. This means the code generator must be ported to each
@@ -156,7 +180,7 @@ architectures. Other architectures will follow based on sufficient user
demand and/or sponsoring.
-
+
- Q: When will feature X be added? When will the next version be released?
- When it's ready.
C'mon, it's open source — I'm doing it on my own time and you're