-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Alexander Gladysh wrote:
[...]
("xyzzy"):rep(1e7):gsub("(z+)", "Z")
This one takes 4 seconds on my box, and has just 9 instructions.
While one can take away IO from untrusted code, string library is
usually a requirement...
Of course, this *does* use an unreasonable amount of memory, which in
such an environment is probably going to managed (apart from anything
else, Lua makes this very easy).
It's an important point, though. I wonder what the *most* malicious
code
it's possible to write in a instruction-and-memory-limited Lua VM,
assuming no IO, of course? Could you, for example, persuade gsub to
continuously insert an empty string, or something similar?
- --
┌─── dg@cowlark.com
───── http://www.cowlark.com ─────
│
│ "People who think they know everything really annoy those of us
who
│ know we don't." --- Bjarne Stroustrup
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFJpI/2f9E0noFvlzgRArGMAKDe8VmLplNvM39pwwd56rhvdowOVgCfQhmg
876+UbAQX37aFM6g9hIjdMM=
=rPZ3
-----END PGP SIGNATURE-----