- Subject: Re: Bytecode abuse in Lua 5.2 (-work4)
- From: Jonathan Castello <twisolar@...>
- Date: Sat, 21 Aug 2010 21:27:23 -0700
On Sat, Aug 21, 2010 at 9:23 PM, Joshua Jensen
<jjensen@workspacewhiz.com> wrote:
> ----- Original Message -----
> From: Martin Guy
> Date: 8/21/2010 9:43 PM
>>
>> Was this really worth posting to the entire list?
>>
>> On 8/22/10, Majic<majic.one@gmail.com> wrote:
>>>
>>> Very informative, thanks! :o
>>>
>>> On Sat, Aug 21, 2010 at 3:22 PM, Peter Cawley<lua@corsix.org> wrote:
>>> > As anyone who has tracked Lua 5.2's development will likely know, the
>>> > bytecode verifier was removed, and the responsibility shifted to the
>>> > end-developer to ensure that bytecode from untrusted sources couldn't
>>> > be loaded. To show just how important this responsibility is, I've
>>> > written up a pure Lua module for the default Lua 5.2 (-work4)
>>> > interpreter which can read and write arbitrary memory locations. The
>>> > only thing standing between this and a generic
>>> > arbitrary-code-execution exploit is DEP (hardware/OS level memory page
>>> > protection preventing where code can be executed from).
>>> >
>>> > The code is available at:
>>> > http://www.corsix.org/lua/bytecode_abuse_0_1.lua
>
> Your comment was made because you're not interested in the subject or
> because you prefer security through obscurity? Or for some other reason?
>
> I'm very interested in this. The question I would ask at this point is
> whether the built-in Lua 5.1 bytecode verifier could have prevented this?
>
> Josh
>
I read it as in response to Majic, personally...

I don't usually read other people's code, but I couldn't resist
reading over this. It's definitely pretty cool! Looking at it, I can't
help but think of a possible inline "assembler" library for the Lua
VM. That would be pretty nifty. (Insecure too, obviously, but still
nifty.)

~Jonathan
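
The responsibility described in the quoted post, keeping bytecode from untrusted sources out of the loader, as an added example that is not part of the original thread or of the linked module. It assumes the Lua 5.2 final release or later, where `load` accepts a mode argument; `load_untrusted_text` is a hypothetical helper name and the sample chunks are constructed.

```lua
-- Added example: accept untrusted Lua *source* only, never precompiled chunks.
-- Assumption: Lua 5.2 (final) or later, where load() takes a mode argument.

local ESC = 27  -- precompiled chunks begin with the signature "\27Lua"

-- Hypothetical helper. Returns the compiled function, or nil plus a message.
local function load_untrusted_text(chunk, chunkname, env)
  if type(chunk) ~= "string" then
    return nil, "chunk must be a string"
  end
  -- Explicit check, so a rejected binary chunk can be logged separately
  -- from an ordinary syntax error.
  if chunk:byte(1) == ESC then
    return nil, "refused: precompiled (binary) chunk"
  end
  -- Mode "t" makes load() itself refuse binary chunks, so the restriction
  -- does not depend on the check above alone. The chunk is also given its
  -- own environment table (empty by default) instead of the real globals.
  return load(chunk, "=" .. (chunkname or "untrusted"), "t", env or {})
end

-- Constructed sample inputs: the same function as source and as bytecode.
local text_chunk = "return 1 + 1"
local binary_chunk = string.dump(function() return 1 + 1 end)

local f, err = load_untrusted_text(text_chunk, "sample")
assert(f and f() == 2)

f, err = load_untrusted_text(binary_chunk, "sample")
assert(f == nil and err ~= nil)
print("rejected: " .. err)

-- load() in text-only mode refuses the bytecode without the helper's check.
assert(load(binary_chunk, "=sample", "t") == nil)

-- With no mode argument, load() accepts the bytecode and, with the verifier
-- removed, hands it to the VM unchecked. This is the path that must never
-- receive untrusted input.
assert(load(binary_chunk) ~= nil)
```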