[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Nonblocking script execution
- From: David Given <dg@...>
- Date: Wed, 25 Feb 2009 00:25:29 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Alexander Gladysh wrote:
[...]
> ("xyzzy"):rep(1e7):gsub("(z+)", "Z")
>
> This one takes 4 seconds on my box, and has just 9 instructions.
>
> While one can take away IO from untrusted code, string library is
> usually a requirement...
Of course, this *does* use an unreasonable amount of memory, which in
such an environment is probably going to managed (apart from anything
else, Lua makes this very easy).
It's an important point, though. I wonder what the *most* malicious code
it's possible to write in a instruction-and-memory-limited Lua VM,
assuming no IO, of course? Could you, for example, persuade gsub to
continuously insert an empty string, or something similar?
- --
┌─── dg@cowlark.com ───── http://www.cowlark.com ─────
│
│ "People who think they know everything really annoy those of us who
│ know we don't." --- Bjarne Stroustrup
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFJpI/2f9E0noFvlzgRArGMAKDe8VmLplNvM39pwwd56rhvdowOVgCfQhmg
876+UbAQX37aFM6g9hIjdMM=
=rPZ3
-----END PGP SIGNATURE-----
