- Subject: Re: Bytecode: Safe or not? / luac manual
- From: Peter Cawley <lua@...>
- Date: Tue, 1 Nov 2011 17:35:12 +0000
On Tue, Nov 1, 2011 at 5:30 PM, Frank Meier-Dörnberg <email@example.com> wrote:
> Do you want to verify that the (possibly created in bad faith) byte code
> will terminate?
> Or do you want to verify that the bytecode only refers to "allowed"
> ("in-sandbox") variables/functions?
Neither. You want to verify that the bytecode will only interact with
the virtual machine in ways which source code can, and therefore that
the bytecode cannot perform arbitrary native code execution. As I have
example code to prove, Win32 + Lua 5.1.x VM + table.sort + string.gsub
+ bytecode = arbitrary native code execution.
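
A host that cannot verify bytecode can instead refuse it before it reaches the VM. The following is an added example, not code from the original post or from the Lua project: it assumes Lua 5.1, rejects precompiled chunks rather than verifying them, and the helper names `load_text_string`, `load_text_reader` and `once` are hypothetical.

```lua
-- Added example, not from the original post. Targets Lua 5.1.
-- Precompiled chunks start with byte 27 (ESC), the first byte of "\27Lua".
local ESC = "\27"
local REJECT = "binary chunks are not accepted"

-- Hypothetical helper: loadstring() that accepts source text only.
local function load_text_string(src, chunkname)
  if type(src) ~= "string" then return nil, "chunk must be a string" end
  if src:sub(1, 1) == ESC then return nil, REJECT end
  return loadstring(src, chunkname)
end

-- Hypothetical helper: load() that accepts source text only. The signature
-- is checked on the first non-empty piece the reader function returns.
local function load_text_reader(reader, chunkname)
  local checked, rejected = false, false
  local function guarded()
    if rejected then return nil end
    local piece = reader()
    if not checked and type(piece) == "string" and piece ~= "" then
      checked = true
      if piece:sub(1, 1) == ESC then
        rejected = true
        return nil -- end the stream before the VM sees any bytecode
      end
    end
    return piece
  end
  local f, err = load(guarded, chunkname)
  if rejected then return nil, REJECT end
  return f, err
end

-- Constructed inputs: one binary chunk from string.dump, one text chunk.
local function once(s)
  local done = false
  return function()
    if done then return nil end
    done = true
    return s
  end
end
local bin = string.dump(function() return 1 end)
assert(load_text_string(bin) == nil)
assert(load_text_string("return 1")() == 1)
assert(load_text_reader(once(bin)) == nil)
assert(load_text_reader(once("return 2"))() == 2)
```

In Lua 5.2 and later, the built-in `load` takes a `mode` argument, and passing `"t"` restricts it to text chunks.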