- Subject: Re: future of bytecode verifier
- From: Sam Roberts <vieuxtech@...>
- Date: Thu, 5 Mar 2009 09:26:16 -0800
On Thu, Mar 5, 2009 at 6:06 AM, Ralph Hempel
> John Hind wrote:
>> This approach makes Lua "safe by default" and anyone implementing bytecode
>> support is made responsible for the integrity of the bytecodes between
>> and read operations (for example by restricting to a protected store, or
>> even by implementing cryptographic signing).
> Strongly agree.
Lua isn't "safe by default" now. By default, it exposes the debug
library, and os.execute(). I like that. Running code of unknown
provenance, byte or string, is unsafe by its very nature.
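
The two points in this message, shown as an added example that is not part of the original post or of the Lua distribution: a loader that refuses bytecode outright and runs source text in an environment without `debug` or `os.execute`. It assumes Lua 5.2 or later, where `load` accepts a mode and an environment argument; `make_env` and `run_untrusted` are hypothetical helper names.

```lua
-- Added example, not from the thread. Assumes Lua 5.2+ (load takes mode and env).
-- make_env and run_untrusted are hypothetical helper names.

local function make_env()
  -- Allow-list only: no debug, no io, no os.execute, no load/require/dofile.
  return {
    assert = assert, error = error, ipairs = ipairs, pairs = pairs,
    pcall = pcall, select = select, tonumber = tonumber,
    tostring = tostring, type = type,
    string = { format = string.format, len = string.len,
               sub = string.sub, upper = string.upper },
    math = { floor = math.floor, max = math.max, min = math.min },
    table = { concat = table.concat, insert = table.insert },
    os = { time = os.time, clock = os.clock },
  }
end

local function run_untrusted(chunk)
  -- Mode "t" accepts source text only, so precompiled chunks are refused
  -- before anything runs; the fourth argument becomes the chunk's _ENV.
  local fn, err = load(chunk, "=untrusted", "t", make_env())
  if not fn then return false, err end
  return pcall(fn)
end

-- Constructed sample inputs.
local samples = {
  { "plain text chunk",  'return string.upper("ok")' },
  { "os.execute",        'return os.execute("echo hi")' },
  { "debug library",     'return debug.getinfo(1)' },
  { "precompiled chunk", string.dump(function() return 1 end) },
}

for _, s in ipairs(samples) do
  local ok, result = run_untrusted(s[2])
  print(s[1], ok, result)
end

-- Limits of this sketch: string methods called as s:method() still reach the
-- real string library through the shared string metatable, and nothing here
-- bounds CPU time or memory.
```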