On Mon, Oct 31, 2011 at 5:28 PM, Frank Meier-Dörnberg <frank@md-web.de> wrote:
> On 31.10.2011 14:19, Stefan Reich wrote:
>>
>> For that, we need to run code from untrusted sources.
>
> Ah! In other words: It is not required that the code comes from one of your
> own (friendly & trustworthy) pluto-serializers.

Yes, exactly.

> The code may come from the vicious and sneaky side.

Hah... yes, if you'd like to call it that.

> You want to continue not only pure (byte)code, you want to reinstantiate a
> full Lua-State from a pluto-like image, right?

Yes.

> Even a flawless byte code verifier is not the right tool to verify a
> Lua-State, by all I'm able to imagine.

Well, it's one part. The other part would be a Pluto image verifier
which, among other things, calls the bytecode verifier for all
bytecode chunks.

I mean, this is an engineering task. No more, no less. I don't know
exactly how much work it is, but I don't think it would take all that
long if a skilled engineer gets to work on it.

And I know there are some real Lua internals experts even on this very list :)

> So it may be better to verify the source of the pluto-image than the image
> itself ?!

Hm, what do you mean, "verify the source"? The "it's someone I know,
so the code is probably fine" thing?

Well that is something we can do: distinguish between trusted and
random sources. But I still want to be able to process code from
random sources. That's kind of the whole point.

What would Java be without the Java sandbox? It allows you to run
untrusted code and it was one of the main reasons why Java took off
that quickly back then.

Same with JavaScript. Imagine JavaScript running "trusted" code only.
Would it still be as useful? Your machine would be in danger every
time you browse an unknown website.

No no no. The point of Mobile Lua is to make a robust sandbox for ANY
Lua code (frozen or "virgin"). With a sandbox like that, it will soar.
Because then you can offer computing services to anyone. No worries -
maximum power!

Cheers,
Stefan