[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: Bytecode: Safe or not? / luac manual
- From: Frank Meier-Dörnberg <frank@...>
- Date: Mon, 31 Oct 2011 18:28:20 +0100
Am 31.10.2011 14:19, schrieb Stefan Reich:
For that, we need to run code from untrusted sources.
Ah! In other words: It is not required that the code comes from one of
your own (friendly & trustworthy) pluto-serializers.
The code may come from the vicious and sneaky side.
You want to continue not only pure (byte)code, you want to reinstantiate
a full Lua-State from a pluto-like image, right?
Even a flawless byte code verifier is not the right tool to verify a
Lua-State, by all I'm able to imagine.
So it may be better to verify the source of the pluto-image than the
image itself ?!