- Subject: Re: Bytecode abuse in Lua 5.2 (-work4)
- From: Duncan Cross <duncan.cross@...>
- Date: Mon, 23 Aug 2010 13:09:06 +0100
On Mon, Aug 23, 2010 at 8:41 AM, Jim Whitehead II <jnwhiteh@gmail.com> wrote:
> I actually think this makes a lot of sense. Providing and dealing with
> binary chunks is not something that should live outside the debug library,
> particularly given the change in attitude towards the debug library. It is a
> very open vector for attack and not incredibly obvious it exists in a stock
> distribution.

I agree. So there's two related shifts in attitude in 5.2:

(i) Loading bytecode should be considered an "advanced" feature, and
carefully disabled if there is any possibility of an untrusted source.

(ii) The debug library is no longer intended solely for debugging, but
for "advanced" features acceptable for use in normal Lua code.

To me it makes sense that these changes should be reflected by a
noticeable change in the API. I've mentioned before that I'd like to
see "debug" renamed [1] in order to reflect the second one.

[1] http://lua-users.org/lists/lua-l/2010-05/msg00351.html

-Duncan
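
Point (i) in the message above, as an added example that is not part of the original post or of the Lua distribution: a wrapper around `load` that refuses precompiled chunks by checking for the first byte of the binary-chunk signature before the loader sees the stream. The name `load_text_only` is hypothetical, and the code assumes Lua 5.1, LuaJIT, or a released Lua 5.2 or later (where `load` takes a mode argument), not the work4 snapshot discussed in the thread.

```lua
-- Added example: refuse precompiled chunks before they reach the loader.
local ESC = 27  -- binary chunks begin with "\27Lua" (LUA_SIGNATURE)

-- load_text_only is a hypothetical name. chunk may be a string or a
-- reader function, as with load; env is the optional sandbox table.
local function load_text_only(chunk, chunkname, env)
  local first, rest
  if type(chunk) == "string" then
    first, rest = chunk, function() return nil end
  elseif type(chunk) == "function" then
    first, rest = chunk(), chunk   -- peek at the first piece of the stream
  else
    return nil, "chunk must be a string or a reader function"
  end

  -- The loader picks "undump" or "parse" from the first byte of the stream,
  -- so that byte is the one to test.
  if type(first) == "string" and first:byte(1) == ESC then
    return nil, "binary chunk rejected"
  end

  -- Replay the peeked piece, then hand over to the caller's reader.
  local sent = false
  local function reader()
    if not sent then sent = true; return first end
    return rest()
  end

  if setfenv then                  -- Lua 5.1 / LuaJIT
    local f, err = load(reader, chunkname)
    if f and env then setfenv(f, env) end
    return f, err
  elseif env ~= nil then           -- Lua 5.2+: mode "t" is a second barrier
    return load(reader, chunkname, "t", env)
  end
  return load(reader, chunkname, "t")  -- an explicit nil env would clear _ENV
end

-- Constructed inputs: a source chunk and its precompiled form.
local src = "return 1 + 1"
local bin = string.dump(assert(load_text_only(src, "=src")))

print("source:", load_text_only(src, "=src")())
print("binary:", load_text_only(bin, "=bin"))
-- A reader that supplies the bytecode in small pieces is rejected as well.
local i = 0
print("pieces:", load_text_only(function()
  i = i + 1
  return bin:sub(4 * i - 3, 4 * i)
end, "=pieces"))
```

A sandbox that exposes `load` or `loadstring` to untrusted code would hand out this wrapper in their place and keep `string.dump` out of the environment.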