[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Bytecode abuse in Lua 5.2 (-work4)
- From: Martin Guy <martinwguy@...>
- Date: Sun, 22 Aug 2010 13:05:23 +0200
> > > > > Very informative, thanks! :o
> > > > Was this really worth posting to the entire list?
> > > Your comment was made because you're not interested in the subject or
> > > because you prefer security through obscurity? Or for some other
> reason?
> > I read it as in response to Majic, personally...
> Now, I'm embarrassed. I see Majic's comment now, and I can see why Martin
> made the comment.
No, the biggest idiot is me. I double checked that I was only replying
to majic privately off list, but seem to have managed to spam the list
with something even more pointless. Oh well, let's hope that teaches
me some kind of lesson.
No, the original message is extremely valuable, instructive and
cautionary, and posting it is courageous... as well as it being a
technical tour-de-force!
With Lua being embedded in every conceivable program, browser, photo
editor and web game, a security hole like this would be about as much
fun as the eternal security holes in flash player. A wise response
from the Lua dev community would be to reinstate the bytecode sanity
checking by default, and if removing it has significant advantages
(code size, speed) allowing it to be disabled only #ifdef
FAST_AND_FURIOUS
I agree with majic. Nice work.
M
