authorKartik K. Agaram <vc@akkartik.com>2021-12-25 08:18:53 -0800
committerKartik K. Agaram <vc@akkartik.com>2021-12-25 08:22:15 -0800
commit1b25d58a4f6d7aab8065f848f3fb7327f91e3738 (patch)
treebe5a47352cf579c463ed0e60849059db9bc613b3
parent3964dd5f574c90d6f8d89626645f43ece36bad31 (diff)
downloadteliva-1b25d58a4f6d7aab8065f848f3fb7327f91e3738.tar.gz
sandbox: no system()
Too hard to sandbox. Maybe we'll get back to it if there's some use case
only it can satisfy.
-rw-r--r--README.md5
-rw-r--r--src/loslib.c8
2 files changed, 5 insertions, 8 deletions
diff --git a/README.md b/README.md
index 91a292d..afc8271 100644
--- a/README.md
+++ b/README.md
@@ -126,8 +126,11 @@ behave unexpectedly under Teliva.
   serializing/deserializing to JSON (module `json`).
 
 The modules mentioned above are always available, just like standard Lua 5.1
-libraries. They're available in their entirety with one exception:
+libraries. However, a few things are different from conventional Lua:
 
+* Some functions are disabled because I don't know how to sandbox them
+  effectively:
+  - `os.execute`
 * Some functions in lcurses have [additional smarts](https://github.com/lcurses/lcurses/blob/master/lib/curses.lua).
   Teliva is [consistent with the underlying ncurses](https://github.com/akkartik/teliva/blob/main/src/lcurses/curses.lua).
 
diff --git a/src/loslib.c b/src/loslib.c
index da06a57..6971d34 100644
--- a/src/loslib.c
+++ b/src/loslib.c
@@ -35,12 +35,6 @@ static int os_pushresult (lua_State *L, int i, const char *filename) {
 }
 
 
-static int os_execute (lua_State *L) {
-  lua_pushinteger(L, system(luaL_optstring(L, 1, NULL)));
-  return 1;
-}
-
-
 static int os_remove (lua_State *L) {
   const char *filename = luaL_checkstring(L, 1);
   return os_pushresult(L, remove(filename) == 0, filename);
@@ -221,7 +215,7 @@ static const luaL_Reg syslib[] = {
   {"clock",     os_clock},
   {"date",      os_date},
   {"difftime",  os_difftime},
-  {"execute",   os_execute},
+  /* no execute without sandboxing it */
   {"exit",      os_exit},
   {"getenv",    os_getenv},
   {"remove",    os_remove},
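Review bot: Unregistering `execute` from `syslib` closes only the `system()` path. Stock Lua 5.1 also exposes `io.popen` from `liolib.c`, which passes a script-supplied command string to `popen()`; that file is not touched by this commit, so confirm it is already disabled or remove it in the same change. Scripts that still call `os.execute` will now fail with a generic nil-call error, so the comment could point at the documented reason, e.g. `/* os.execute deliberately unregistered: system() is not sandboxed (see README) */`. The `syslib` table starts and ends outside this hunk, so the remaining entries (only `remove`, `getenv` and `exit` are visible) are not assessed here.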