|
John Hind wrote:
I'm with Luiz on this one and I think your objections are misguided:
I don't quite understand where you're coming from - he's concerned about the security of bytecode when loading serialized data. Obviously the algorithm itself will generate safe code - but who's to say the file you're loading from disk was generated by the algorithm? It could have been modified. There are vulnerabilities in the current bytecode verifier (minor, but seg faults can be raised), and the fact that more may be found is a deterrent. Even if the bytecode is completely secure, and the file is run in a complete no-globals sandbox, it can still lock the program in an infinite loop. (Which was his other deterrent). Then there is the speed issue - if you're trying to pass data between lua_states in memory this could become a problem.
But for most applications the bytecode serializer sounds like a better idea imo.
- Alex