[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: Bytecode abuse in Lua 5.2 (-work4)
- From: Joshua Jensen <jjensen@...>
- Date: Sat, 21 Aug 2010 22:23:18 -0600
----- Original Message -----
From: Martin Guy
Date: 8/21/2010 9:43 PM
Your comment was made because you're not interested in the subject or
because you prefer security through obscurity? Or for some other reason?
Was this really worth posting to the entire list?
On 8/22/10, Majic<email@example.com> wrote:
Very informative, thanks! :o
On Sat, Aug 21, 2010 at 3:22 PM, Peter Cawley<firstname.lastname@example.org> wrote:
> As anyone who has tracked Lua 5.2's development will likely know, the
> bytecode verifier was removed, and the responsibility shifted to the
> end-developer to ensure that bytecode from untrusted sources couldn't
> be loaded. To show just how important this responsibility is, I've
> written up a pure Lua module for the default Lua 5.2 (-work4)
> interpreter which can read and write arbitrary memory locations. The
> only thing standing between this and a generic
> arbitrary-code-execution exploit is DEP (hardware/OS level memory page
> protection preventing where code can be executed from).
> The code is available at:
I'm very interested in this. The question I would ask at this point is
whether the built-in Lua 5.1 bytecode verifier could have prevented this?