[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: Bytecode: Safe or not? / luac manual
- From: Stefan Reich <stefan.reich.maker.of.eye@...>
- Date: Sun, 30 Oct 2011 20:50:03 +0000
Ah. So the manpage is basically in error because it doesn't know about
the exploits yet.
I really do hope that lbcv covers all the possible violations. Having
a safe way of loading untrusted bytecode is quite crucial to what I
want to be able to do with Mobile Lua.
Once we have safe deserialisation of Lua states - we can achieve total
mobility for all Lua code.
I don't know about you guys, but I for one am really excited about
On Sun, Oct 30, 2011 at 7:29 PM, Luiz Henrique de Figueiredo
>> "Lua always performs a thorough integrity test on precompiled chunks"?
>> I thought everybody agreed that bytecode is unsafe in 5.1.
>> How can the contradiction be solved?
> It was solved in 5.2 by removing the bytecode verifier,
> mainly because Peter Cawley has shown several exploits
> of flaws in the bytecode verifier of Lua 5.1. See also