lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Alexander Gladysh wrote:
[...]
> ("xyzzy"):rep(1e7):gsub("(z+)", "Z")
> 
> This one takes 4 seconds on my box, and has just 9 instructions.
> 
> While one can take away IO from untrusted code, string library is
> usually a requirement...

Of course, this *does* use an unreasonable amount of memory, which in
such an environment is probably going to managed (apart from anything
else, Lua makes this very easy).

It's an important point, though. I wonder what the *most* malicious code
it's possible to write in a instruction-and-memory-limited Lua VM,
assuming no IO, of course? Could you, for example, persuade gsub to
continuously insert an empty string, or something similar?

- --
┌─── dg@cowlark.com ───── http://www.cowlark.com ─────
│
│ "People who think they know everything really annoy those of us who
│ know we don't." --- Bjarne Stroustrup
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJpI/2f9E0noFvlzgRArGMAKDe8VmLplNvM39pwwd56rhvdowOVgCfQhmg
876+UbAQX37aFM6g9hIjdMM=
=rPZ3
-----END PGP SIGNATURE-----