[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Lua Security Considerations...
- From: Grant Robinson <jgrantr@...>
- Date: Wed, 11 Mar 2009 10:30:18 -0600
We are trying to convince management to let us use Lua in an
enterprise-quality application that we will be distributing to
consumers.
We are embedding the Lua interpreter and our byte code into a C
application. Still, management is concerned about how hard it would
be for some hacker who knew we were using Lua to hook the VM and
inject Lua code into the interpreter. They are also concerned about
competitors disassembling our binary application and gaining access to
the Lua byte code that would include algorithms our competition would
benefit from.
My question is what can I tell management to alleviate their concerns?
Also, are there any tricks you can think of to make it harder for
someone to hack into (aka, disassemble, decompile, etc) our code and
take over our Lua Interpreter?
I have some ideas already (remove debug library, remove extraneous
loaders from the package.loaders table, disable, package.loadlib,
etc), but I am looking for other ideas and someone with practical
experience hacking Lua bytecode.
--
Grant Robinson
jgrantr@gmail.com