Re: future of bytecode verifier

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: future of bytecode verifier
From: Sam Roberts <vieuxtech@...>
Date: Thu, 5 Mar 2009 09:26:16 -0800

On Thu, Mar 5, 2009 at 6:06 AM, Ralph Hempel
<rhempel@hempeldesigngroup.com> wrote:
> John Hind wrote:
>
>> This approach makes Lua "safe by default" and anyone implementing bytecode
>> support is made responsible for the integrity of the bytecodes between
>> write
>> and read operations (for example by restricting to a protected store, or
>> even by implementing cryptographic signing).
>
> Strongly agree.

Lua isn't "safe by default" now. By default, it exposes the debug
library, and os.execute(). I like that. Running code of unknown
provenance, byte or string, is unsafe by its very nature.

Sam

Follow-Ups:
- RE: future of bytecode verifier, John Hind

References:
- future of bytecode verifier, Luiz Henrique de Figueiredo
- Re: future of bytecode verifier, Ralph Hempel

Prev by Date: Re: future of bytecode verifier
Next by Date: Re: future of bytecode verifier
Previous by thread: Re: future of bytecode verifier
Next by thread: RE: future of bytecode verifier
Index(es):
- Date
- Thread