[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: future of bytecode verifier
- From: Olivier Galibert <galibert@...>
- Date: Thu, 5 Mar 2009 18:17:17 +0100
On Thu, Mar 05, 2009 at 11:44:26AM -0500, Evan DeMond wrote:
> Sorry, I think I misunderstood you a bit, ignore my last comment there. You
> meant that something embedding Lua will run at the same level of security as
> the host application, correct?
Essentially yes. Security only enters the picture when the lua code
comes from somewhere you don't control or when the embeeding
application has elevated priviledges w.r.t what you normally have.
These cases exist (lua bots, game scripts sent to other clients or
servers...), but they're rare.