Re: [ANN] Lunatik -- NetBSD kernel scripting with Lua (GSoC project results)

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: [ANN] Lunatik -- NetBSD kernel scripting with Lua (GSoC project results)
From: Patrick Donnelly <batrick@...>
Date: Sun, 10 Oct 2010 23:09:15 -0400

On Sun, Oct 10, 2010 at 9:45 PM, Samuel Greear <lua@evilcode.net> wrote:
> I didn't like the fact that the only option for loading a script into
> the kernel was to load the script source. I would make loading
> pre-compiled scripts the preferential method. In fact, I would
> probably tear eval out of the kernel lua implementation and only
> support loading of precompiled byte-code into the kernel.

This sounds like a *really bad* idea. It's been shown in the past that
loading precompiled bytecode is a security hole (by Peter Cawley et
al.). The Lua authors have removed the bytecode verifier because it is
too difficult to verify bytecode integrity. I haven't looked at this
project much (even though it sounds very cool) but if it is possible
for userland processes to specify scripts to run in a kernelland
sandbox, then you do *not* want to load precompiled bytecode.

-- 
- Patrick Donnelly

References:
- [ANN] Lunatik -- NetBSD kernel scripting with Lua (GSoC project results), Lourival Vieira Neto
- Re: [ANN] Lunatik -- NetBSD kernel scripting with Lua (GSoC project results), Samuel Greear

Prev by Date: Re: Is it possible that port node.js to Lua?
Next by Date: Re: [ANN] Lunatik -- NetBSD kernel scripting with Lua (GSoC project results)
Previous by thread: Re: [ANN] Lunatik -- NetBSD kernel scripting with Lua (GSoC project results)
Next by thread: Re: [ANN] Lunatik -- NetBSD kernel scripting with Lua (GSoC project results)
Index(es):
- Date
- Thread