Re: __gc visible to lua code...

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: __gc visible to lua code...
From: "Kristofer Karlsson" <kristofer.karlsson@...>
Date: Fri, 30 Mar 2007 15:20:17 +0200

2007/3/30, Graham Wakefield <lists@grahamwakefield.net>:

Hi,

Today I discovered that a __gc method installed on a userdata
metatable is visible to Lua code; when called out of context it is
likely to cause crashes, so any __gc metamethod in C must typecheck
the argument.

I was surprised to find this out, I thought __gc would be 'hidden'
from Lua. I'm not sure I can think of a reason why you'd want to
call a userdata's __gc from lua code.

Thought others should know.

Graham

Wouldn't a sufficient solution be to set the __metatable field of the userdata metatable to "access denied" or something similar. That way you can ensure that your untrusted lua code can't have access to the __gc metamethod. Assuming of course that you don't expose the metatable or the __gc metamethod some other way.

Follow-Ups:
- Re: __gc visible to lua code..., Michael Broughton

References:
- __gc visible to lua code..., Graham Wakefield

Prev by Date: Re: array index and modulo
Next by Date: Re: Possible API, vaguely related to string efficiency
Previous by thread: Job opportunity - Lua coding
Next by thread: Re: __gc visible to lua code...
Index(es):
- Date
- Thread