
On Tuesday 17, Josh Haberman wrote:
> Justin Cormack <justin <at> specialbusservice.com> writes:
> > It is not hard to wrap bounds testing around an ffi structure
> 
> This misses the point: once FFI is loaded, memory safety is gone.
> Any malicious or buggy code that is loaded could buffer overflow.
> If a memory-safe FFI subset existed, you could allow it to be
> loaded (but not FFI) and get some of FFI's benefits without giving
> up memory safety.

You can hide the FFI module from sandboxed code.  Wrap FFI up in a safe 
interface, then sandbox the unsafe code.

-- 
Robert G. Jakabosky
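As an added illustration of the approach Robert describes (not code from this thread or from LuaJIT itself), a LuaJIT sketch: the ffi module stays in the host's scope, sandboxed chunks run in an environment that has no require or ffi, and the only native memory they can reach is through a bounds-checked wrapper. The names SafeBuffer, raws and run_sandboxed are chosen here for the example.

```lua
-- Added example (not from the thread): keep LuaJIT's ffi out of a sandbox's
-- reach and expose only a bounds-checked buffer that is built on it.
local ffi = require("ffi")

-- Private store: proxy object -> { ptr = cdata, n = size }. Sandboxed code
-- never sees the cdata and cannot alter the size it is checked against.
local raws = setmetatable({}, { __mode = "k" })

local SafeBuffer = {}
SafeBuffer.__index = SafeBuffer
SafeBuffer.__metatable = false   -- getmetatable/setmetatable cannot tamper

function SafeBuffer.new(size)
  assert(type(size) == "number" and size > 0 and size == math.floor(size),
         "size must be a positive integer")
  local self = setmetatable({}, SafeBuffer)
  raws[self] = { ptr = ffi.new("uint8_t[?]", size), n = size }
  return self
end

-- Every access goes through this check; out-of-range indexes raise an
-- error instead of reading or writing past the allocation.
local function checked(self, i)
  local r = raws[self] or error("not a SafeBuffer", 3)
  if type(i) ~= "number" or i ~= math.floor(i) or i < 0 or i >= r.n then
    error(("index %s out of range [0,%d)"):format(tostring(i), r.n), 3)
  end
  return r.ptr
end

function SafeBuffer:get(i) return checked(self, i)[i] end
function SafeBuffer:set(i, v) checked(self, i)[i] = v end

-- Sandbox: a fresh environment holding a whitelist. require, ffi, load,
-- debug and the raw* functions are simply absent, so ffi cannot be reached.
local function run_sandboxed(source)
  local env = { print = print, pcall = pcall, type = type, tostring = tostring,
                pairs = pairs, ipairs = ipairs, string = string, math = math,
                SafeBuffer = SafeBuffer }
  local chunk, err = loadstring(source, "=sandbox")
  if not chunk then return false, err end
  setfenv(chunk, env)
  return pcall(chunk)
end

print(run_sandboxed([[
  local b = SafeBuffer.new(16)
  b:set(15, 0x41)
  print(b:get(15), ffi)       -- ffi is nil here: the module is not in env
  print(pcall(b.get, b, 16))  -- read past the end is refused, not performed
  b:set(16, 1)                -- raises; the write never reaches memory
]]))
```

The host keeps the real ffi table and only the wrapper crosses into the sandbox, which is the split between safe interface and unsafe implementation the message suggests.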