[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Lua 5.1 (beta) now available
- From: Mike Pall <mikelu-0511@...>
- Date: Mon, 21 Nov 2005 16:45:06 +0100
Hi,
Roberto Ierusalimschy wrote:
> Well, there are other "problems", for instance
> a traversal of a table with NaN will also fail, again because
> it will not be able to find that key to continue the traversal.
> But that does not "break" Lua, it is only a strange behavior for a
> strange situation.
Ahemm ... such a behaviour rings all alarm bells in my mind.
If you can trick an application into inserting a NaN key into a
table, you've effectively created a denial of service attack.
Because a subsequent table traversal will throw an error.
Previously there was no possibility this activity could have
thrown an error.
Or think about sandboxing: malicious sandboxed code could just
insert a NaN into a table and make the surrounding supervisor
code crash later on.
You are opening the gates here ... I don't think everyone will
remember to wrap all potentially dangerous table traversals with
pcall(). This has the same potential for abuse as the inadvertent
user code execution problem with getmetatable() (fixed in
5.1-beta).
I don't care so much whether NaN can be inserted or not or
whether it can be retrieved or not. But breaking table traversals
is not a good idea IMHO.
Bye,
Mike