Shelby Hubick wrote:
>MAXSTACK was changed in llimits.h. [...] But this value wasn't changed
>in luac to match, which caused the problem.

Just for the record: This was in Lua 4.0. In Lua 5.0, this problem would have
been automatically detected by the bytecode integrity check performed when
loading precompiled scripts.

It may have passed unnoticed, but Lua 5.0 performs a symbolic execution of the
bytecodes loaded in precompiled scripts. This check should detect malicious
or erroneous bytecode that would otherwise crash the VM (but of course it
cannot prevent denial-of-service attacks, such as infinite loops). This check
also allows precompiled scripts to be loaded and run from inside Lua, not only
from C; that's what we have called "secure binary dostring" in HISTORY.

To quote the luac man page:

  Lua always performs a thorough integrity test on precompiled chunks.
  Bytecode that passes this test is completely safe, in the sense that
  it will not break the interpreter. However, there is no guarantee that
  such code does anything sensible. (None can be given, because the
  halting problem is unsolvable.)

(On the other hand, if you're shipping production code that is bug free :-)
and contains really long precompiled scripts that need to be loaded as fast
as possible and you only load precompiled scripts from your CD ROM or another
trusted source, then you *may* want to recompile lundump.c with TRUST_BINARIES
defined to skip this integrity test, though I doubt this will gain you much
time compared with reading and loading the script, and so I don't recommend it.
So, this last bit is just a cultural note...)
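
A much-simplified illustration of the kind of load-time check the message above describes, added here as an example; it is not Lua's code and not from the original post. The instruction format, opcode set, `VM_MAXSTACK` value and sample chunks are all invented for the illustration, and it does only static bounds checks rather than a full symbolic execution.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy register VM: NOT Lua's instruction encoding (invented for illustration). */
enum { OP_MOVE, OP_LOADK, OP_ADD, OP_JMP, OP_RETURN };
#define VM_MAXSTACK 250u  /* register limit compiled into this hypothetical VM */

typedef struct { uint8_t op, a, b, c; int16_t off; } Instr;
typedef struct {
  const Instr *code; size_t ncode;
  size_t nconst;      /* entries in the constant table */
  unsigned maxstack;  /* registers the compiler claims the function needs */
} Proto;

/* Returns 1 if no instruction can index outside the frame, the constant
   table or the code array; 0 otherwise. Says nothing about termination. */
int verify_proto(const Proto *p) {
  unsigned m = p->maxstack;
  if (m == 0 || m > VM_MAXSTACK) return 0;   /* compiler/VM limit mismatch */
  if (p->ncode == 0 || p->code[p->ncode - 1].op != OP_RETURN)
    return 0;                                /* execution must not run off the end */
  for (size_t pc = 0; pc < p->ncode; pc++) {
    const Instr *i = &p->code[pc];
    long dest = (long)pc + 1 + i->off;       /* only meaningful for OP_JMP */
    switch (i->op) {
      case OP_MOVE:   if (i->a >= m || i->b >= m) return 0; break;
      case OP_LOADK:  if (i->a >= m || i->b >= p->nconst) return 0; break;
      case OP_ADD:    if (i->a >= m || i->b >= m || i->c >= m) return 0; break;
      case OP_JMP:    if (dest < 0 || (size_t)dest >= p->ncode) return 0; break;
      case OP_RETURN: if (i->a >= m) return 0; break;
      default:        return 0;              /* unknown opcode */
    }
  }
  return 1;
}

/* Constructed sample chunks. */
static const Instr good[] = {{OP_LOADK,0,0,0,0},{OP_MOVE,1,0,0,0},{OP_ADD,2,0,1,0},{OP_RETURN,2,0,0,0}};
static const Instr spin[] = {{OP_JMP,0,0,0,-1},{OP_RETURN,0,0,0,0}};  /* jumps to itself */
static const Instr wild[] = {{OP_JMP,0,0,0,40},{OP_RETURN,0,0,0,0}};  /* target past the end */

int check(const Instr *code, size_t n, size_t nconst, unsigned maxstack) {
  Proto p = { code, n, nconst, maxstack };
  return verify_proto(&p);
}

int main(void) {
  printf("good=%d over-limit=%d spin=%d wild=%d\n", check(good, 4, 1, 3),
         check(good, 4, 1, 300), check(spin, 2, 0, 1), check(wild, 2, 0, 1));
  return 0;
}
```

The `spin` chunk passes verification even though it never terminates, which is the limit the message points out: the check keeps the VM from being broken, not from being kept busy.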