[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Lua Security Considerations...
- From: "Robert G. Jakabosky" <bobby@...>
- Date: Thu, 12 Mar 2009 03:56:43 -0700
On Wednesday 11, Grant Robinson wrote:
> We are embedding the Lua interpreter and our byte code into a C
> application. Still, management is concerned about how hard it would
> be for some hacker who knew we were using Lua to hook the VM and
> inject Lua code into the interpreter. They are also concerned about
> competitors disassembling our binary application and gaining access to
> the Lua byte code that would include algorithms our competition would
> benefit from.
You can compile the Lua bytecode to native code and static compile that into
your application using llvm-lua. This will provide some obfuscation of the
Lua bytecode, with an added plus of faster Lua code.
Checkout the latest code here:
http://code.google.com/p/llvm-lua/source/checkout
The latest SVN code (I just committed the changes) has some new features:
* Stripping Lua opcodes from the native compiled Lua functions. Previous
versions still had the opcodes for tracebacks.
* Compiling lua files into loadable shared libraries (tested on linux, should
work on other plantforms).
* Support for embedding llvm-lua into other applications. Right now the
embeddable llvm-lua library requires linking the application with the LLVM
libs. I will try to make this optional later.
I will try to do a new llvm-lua release soon, maybe this week if my other work
doesn't get in the way.
--
Robert G. Jakabosky
