lua-l archive


Luiz Henrique de Figueiredo wrote:
> If you can restrict yourself to Lua data files containing just a
> few table constructors, then prepending "return " to the file (and
> separating the constructors with commas) ensures that it cannot execute
> malicious code (as long as you do not export any functions that you
> consider dangerous).

Well, what about:

  return ("x"):rep(1e11)
  return (function() repeat until false end)()

I'd consider heavy swapping or an infinite loop as malicious
code. Adding a CALL hook helps. But this is still not satisfying
from a security perspective. Any number of unrelated changes to
the VM may open up new holes.

A dedicated "safe" chunk loader would also reduce the overhead
for big files (avoids source -> bytecode -> interpreter -> data).
Adding selected constructor functions isn't too difficult either.

IMHO the safe loader approach is better for pure data files or
files of unknown origin. It's not so good for configuration files
because there you really want the flexibility of a Turing-complete
language. Sooner or later every home-grown config parser
adds conditionals, macros and so on. See Greenspun's law.
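
The "dedicated safe chunk loader" idea from the message above, as an added example that is not part of the original post or of Lua itself: a parser that builds tables directly from a small data subset and never compiles or runs the input, so the two payloads quoted in the post fail as syntax errors. The names `safe_load`, `MAX_DEPTH` and `MAX_SIZE`, the limit values, and the accepted subset (no comments, string escapes, long strings, `nil` or calls) are assumptions.

```lua
-- Added example: non-executing loader for a small subset of Lua data syntax.
-- Assumed subset: tables, numbers, booleans, unescaped quoted strings; no nil.
local MAX_DEPTH, MAX_SIZE = 32, 1024 * 1024  -- assumed limits, tune as needed
local function safe_load(src)
  if #src > MAX_SIZE then error("input too large", 0) end
  local pos, value = 1, nil
  local function fail(msg) error(("%s at byte %d"):format(msg, pos), 0) end
  local function take(pat)  -- skip whitespace, then consume pattern anchored at pos
    pos = src:find("%S", pos) or #src + 1
    local s, e, cap = src:find("^" .. pat, pos)
    if s then pos = e + 1; return cap or src:sub(s, e) end
  end
  local function tbl(depth)
    if depth > MAX_DEPTH then fail("nesting too deep") end
    local t, n = {}, 0
    while not take("}") do
      local key = take("([%a_][%w_]*)%s*=")  -- nil means a positional field
      if not key and take("%[") then
        key = value(depth)
        if not take("%]%s*=") then fail("expected ']='") end
      end
      local v = value(depth)
      if key ~= nil then t[key] = v else n = n + 1; t[n] = v end
      if not take("[,;]") and src:sub(pos, pos) ~= "}" then fail("expected ',' or '}'") end
    end
    return t
  end
  function value(depth)  -- only literals and constructors; anything else is an error
    if take("{") then return tbl(depth + 1) end
    local lit = take('"([^"\\\n]*)"') or take("'([^'\\\n]*)'")
    if lit then return lit end
    lit = take("-?%d+%.?%d*[eE][+-]?%d+") or take("-?%d+%.?%d*")
    if lit then return tonumber(lit) end
    lit = take("%a+")
    if lit == "true" or lit == "false" then return lit == "true" end
    fail("unexpected token")
  end
  take("return%s+")  -- tolerate the 'return ' prefix discussed in the thread
  local result = value(0)
  if not take("$") then fail("trailing input") end
  return result
end

-- Constructed inputs: one data file, then the two payloads quoted in the post.
for _, src in ipairs{ 'return { name = "cfg", ports = { 80, 443 }, ["tls"] = true }',
    'return ("x"):rep(1e11)', 'return (function() repeat until false end)()' } do
  local ok, res = pcall(safe_load, src)
  print(ok, ok and res.name or res)
end
```

Memory and recursion are bounded by `MAX_SIZE` and `MAX_DEPTH` alone, since the parser has no loops or calls that the input can drive beyond its own length.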