

Luiz Henrique de Figueiredo wrote:
> > It's necessary to fix the bytecode verifier to prevent injection of
> > malicious bytecode.
> 
> Yes, but it seems that this is proving to be harder each time Peter Cawley
> finds a new bytecode manipulation attack. (Thanks anyway, Peter!)

This is not surprising, because it *is* a hard problem.

Remember that the Java bytecode has been specifically designed to
be verifiable and to be safely run in the browser and on MMU-less
architectures. But more than a decade later, bugs in the bytecode
verifier are still discovered. Since Java in the browser has all
but lost its installed base, the focus of active attacks has
shifted to more "interesting" targets. Apart from the leaky bucket
that IE is, the Flash VM and its bytecode verifier get hammered now.

Let's consider ourselves lucky that Lua is _not_ part of the
browser ecosystem ...

That said: if you need to prevent malicious code injection, don't
solely rely on any bytecode verifier. Either distribute source
code or use cryptographically signed bytecode. Proper sandboxing
is equally hard, so better combine it with hardware-assisted
protection mechanisms, if available (see Google Chrome).

--Mike
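
An added example, not part of the original message and not code from the Lua project: a host-side gate that lets source text through to the compiler and admits precompiled bytecode only when it carries a valid authentication tag. Assumptions: HMAC-SHA256 from the Python standard library stands in for a public-key signature, the tag is appended to the chunk, and the names `sign_chunk`, `admit_chunk` and `SAMPLE_BYTECODE` are hypothetical.

```python
import hashlib
import hmac
from typing import Tuple

# First byte of LUA_SIGNATURE ("\033Lua" in lua.h); it marks a precompiled chunk.
LUA_ESC = b"\x1b"
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes

# Constructed sample: bytecode-shaped bytes, not a real compiled chunk.
SAMPLE_BYTECODE = b"\x1bLuaQ" + bytes(range(16))


def sign_chunk(key: bytes, chunk: bytes) -> bytes:
    """Build side: return chunk || HMAC-SHA256(key, chunk)."""
    return chunk + hmac.new(key, chunk, hashlib.sha256).digest()


def admit_chunk(key: bytes, blob: bytes) -> Tuple[str, bytes]:
    """Host side: decide what may be handed to the Lua loader.

    Returns ("source", text) for anything that is not bytecode, or
    ("bytecode", chunk) with the tag stripped once it has verified.
    Raises ValueError for bytecode that is untagged or altered.
    """
    if not blob.startswith(LUA_ESC):
        # Source goes through the compiler, never through the undumper.
        return "source", blob
    if len(blob) <= TAG_LEN:
        raise ValueError("bytecode too short to carry a tag")
    chunk, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, chunk, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bytecode tag mismatch")
    return "bytecode", chunk


if __name__ == "__main__":
    key = b"constructed-demo-key-not-for-use"
    signed = sign_chunk(key, SAMPLE_BYTECODE)
    print(admit_chunk(key, signed)[0])           # tagged bytecode is admitted
    print(admit_chunk(key, b"print('hi')")[0])   # plain source is admitted
    try:
        admit_chunk(key, SAMPLE_BYTECODE)        # bare bytecode is refused
    except ValueError as err:
        print("rejected:", err)
```

The check runs before the loader ever sees the bytes, so it does not depend on the bytecode verifier. In Lua 5.2 and later the host can also pass mode "t" to `load` for the source branch.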