Re: Bytecode: Safe or not? / luac manual

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Bytecode: Safe or not? / luac manual
From: Paul Hudson <phudson@...>
Date: Tue, 1 Nov 2011 15:42:34 +0000

>1. We know that unexploitable bytecode exists. See the examples in my
last mail: one-instruction assembly etc.

>2. Lua is a fairly simple language. Not maximally simple, but with,
overall, a nicely limited number of constructs.

You've not really defined this yet, though:

> You should define the scope of what you want to verify and
> check its feasibility, before you put it on your feature list and start
> throwing resources at it.

Lua is more than powerful enough to have the halting-problem - you can't tell if some bytecode you receive will terminate or not. As a consequence, you can't say (in general) whether any arbitary point in that code will be reached (or not reached).

This is what Jorge means by defining what you mean by "safe". Depending on your definition, it may feasible to assess "safety" or it may be very difficult or even impossible.

> The mobile code revolution is one that is still strangely lacking from
computer science

Not really. See here, for instance: http://en.wikipedia.org/wiki/Mobile_agent

It's not really the silver bullet you seem to hope it will be.

Not really. See

Follow-Ups:
- Re: Bytecode: Safe or not? / luac manual, Frank Meier-Dörnberg

References:
- Re: Bytecode: Safe or not? / luac manual, Stefan Reich
- Re: Bytecode: Safe or not? / luac manual, Jorge
- Re: Bytecode: Safe or not? / luac manual, Stefan Reich

Prev by Date: Re: Bytecode: Safe or not? / luac manual
Next by Date: Re: Bytecode: Safe or not? / luac manual
Previous by thread: Re: Bytecode: Safe or not? / luac manual
Next by thread: Re: Bytecode: Safe or not? / luac manual
Index(es):
- Date
- Thread