Re: Precompiled Lua and safety

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Precompiled Lua and safety
From: Rici Lake <lua@...>
Date: Sun, 28 Jan 2007 16:00:08 -0500


On 28-Jan-07, at 3:34 PM, Gé Weijers wrote:

Here's a question:
A Java VM is required to validate all compiled programs beforeexecuting them, because one of the goals of the Java language is toallow execution of untrusted code.
How much damage could you do by maliciously hand-crafting a compiledLua program and feeding it to the interpreter?

Not much, if any. The Lua bytecode loader validates the bytecode,although I don't know of any formal proof of its correctness. Itensures that no opcode references slots outside of its stack frame, anda variety of other conditions which might otherwise cause crashes inthe VM.

References:
- Precompiled Lua and safety, Gé Weijers

Prev by Date: Re: How do I change Environment variables
Next by Date: Re: getting upvalues in current thread's environment?
Previous by thread: Precompiled Lua and safety
Next by thread: copy a table
Index(es):
- Date
- Thread