Re: future of bytecode verifier

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: future of bytecode verifier
From: Luiz Henrique de Figueiredo <lhf@...>
Date: Thu, 5 Mar 2009 11:42:34 -0300

> 1) I load untrusted code which runs loadstring on evil bytecode that can
> hack my machine.

In this case, you use the load function, not loadstring. The new load function
would have a flag say whether to reject bytecode.

> 2) I load trusted code which runs loadstring on nice bytecode that performs
> useful things.

You use loadstring as usual.
 
> Will it still be able to load bytecode, so we will have to hook it manually
> to disable it for evil code, like this:
> do
> local _loadstring = loadstring
> function loadstring(src, name)
> if src:byte(1) == 27 then
> error"bytecode!"
> end
> return _loadstring(src, name)
> end
> end

Yes, that could work as well. And can be done today.

References:
- future of bytecode verifier, Luiz Henrique de Figueiredo
- Re: future of bytecode verifier, Luiz Henrique de Figueiredo
- Re: future of bytecode verifier, Luiz Henrique de Figueiredo
- Re: future of bytecode verifier, Luiz Henrique de Figueiredo
- Re: future of bytecode verifier, Kristofer Karlsson

Prev by Date: Re: future of bytecode verifier
Next by Date: Re: future of bytecode verifier
Previous by thread: Re: future of bytecode verifier
Next by thread: Re: future of bytecode verifier
Index(es):
- Date
- Thread