Re: safe subset of FFI?

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: safe subset of FFI?
From: "Robert G. Jakabosky" <bobby@...>
Date: Tue, 17 May 2011 19:02:43 -0700

On Tuesday 17, Josh Haberman wrote:
> Justin Cormack <justin <at> specialbusservice.com> writes:
> > It is not hard to wrap bounds testing around an ffi structure
> 
> This misses the point: once FFI is loaded, memory safety is gone.
> Any malicious or buggy code that is loaded could buffer overflow.
> If a memory-safe FFI subset existed, you could allow it to be
> loaded (but not FFI) and get some of FFI's benefits without giving
> up memory safety.

You can hide the FFI module from sandboxed code.  Wrap FFI up in a safe 
interface, then sandbox the unsafe code.

-- 
Robert G. Jakabosky

References:
- safe subset of FFI?, Josh Haberman
- Re: safe subset of FFI?, Justin Cormack
- Re: safe subset of FFI?, Josh Haberman

Prev by Date: Re: LuaJIT missing from language shootout benchmarking site
Next by Date: Re: A Lua todo-list DSL
Previous by thread: Re: safe subset of FFI?
Next by thread: LuaJIT missing from language shootout benchmarking site
Index(es):
- Date
- Thread