lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Am 31.10.2011 14:19, schrieb Stefan Reich:
For that, we need to run code from untrusted sources.

Ah! In other words: It is not required that the code comes from one of your own (friendly & trustworthy) pluto-serializers.
The code may come from the vicious and sneaky side.

You want to continue not only pure (byte)code, you want to reinstantiate a full Lua-State from a pluto-like image, right? Even a flawless byte code verifier is not the right tool to verify a Lua-State, by all I'm able to imagine.

So it may be better to verify the source of the pluto-image than the image itself ?!