lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


> 1) I load untrusted code which runs loadstring on evil bytecode that can
> hack my machine.

In this case, you use the load function, not loadstring. The new load function
would have a flag say whether to reject bytecode.

> 2) I load trusted code which runs loadstring on nice bytecode that performs
> useful things.

You use loadstring as usual.
 
> Will it still be able to load bytecode, so we will have to hook it manually
> to disable it for evil code, like this:
> do
> local _loadstring = loadstring
> function loadstring(src, name)
> if src:byte(1) == 27 then
> error"bytecode!"
> end
> return _loadstring(src, name)
> end
> end

Yes, that could work as well. And can be done today.