Re: [ANN] Luabins ? Trivial Lua Binary Serialization Library

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: [ANN] Luabins ? Trivial Lua Binary Serialization Library
From: "Alex Davies" <alex.mania@...>
Date: Mon, 23 Feb 2009 22:15:47 +0900

John Hind wrote:

I'm with Luiz on this one and I think your objections are misguided:

I don't quite understand where you're coming from - he's concerned about thesecurity of bytecode when loading serialized data. Obviously the algorithmitself will generate safe code - but who's to say the file you're loadingfrom disk was generated by the algorithm? It could have been modified.There are vulnerabilities in the current bytecode verifier (minor, but segfaults can be raised), and the fact that more may be found is a deterrent.Even if the bytecode is completely secure, and the file is run in a completeno-globals sandbox, it can still lock the program in an infinite loop.(Which was his other deterrent). Then there is the speed issue - if you'retrying to pass data between lua_states in memory this could become aproblem.

But for most applications the bytecode serializer sounds like a better ideaimo.

- Alex

Follow-Ups:
- RE: [ANN] Luabins ? Trivial Lua Binary Serialization Library, John Hind

References:
- [ANN] Luabins — Trivial Lua Binary Serialization Library, Alexander Gladysh
- Re: [ANN] Luabins ? Trivial Lua Binary Serialization Library, Luiz Henrique de Figueiredo
- Re: [ANN] Luabins ? Trivial Lua Binary Serialization Library, Alexander Gladysh
- Re: [ANN] Luabins ? Trivial Lua Binary Serialization Library, Alexander Gladysh
- RE: [ANN] Luabins ? Trivial Lua Binary Serialization Library, John Hind

Prev by Date: Re: [ANN] Luabins ? Trivial Lua Binary Serialization Library
Next by Date: Re: Porting a Javascript program
Previous by thread: RE: [ANN] Luabins ? Trivial Lua Binary Serialization Library
Next by thread: RE: [ANN] Luabins ? Trivial Lua Binary Serialization Library
Index(es):
- Date
- Thread