lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

It was thus said that the Great Stefan Reich once stated:
> That is easily possible with many VMs. For example, a C64 emulator can
> in all likelihood not be crashed by bad C64 code. It just doesn't work
> that way as 6510 assembly instructions are easy to control. (Only
> controlled halting of the VM is possible.)
> Also, I once wrote a VM for an assembly language with only one
> instruction. That was also very easily verifiable bytecode.
> Also, Java has a bytecode verifier that, AFAIK, has no known vulnerabilities.

  I don't know, doing a search for "java bytecode verifier vulnerability"
certain brought up a ton of results.  Granted, the results appear to be
several years old, but from a quick scan through the results, it appears
that Java bytecode verification wasn't quite as trivial as you make it

  -spc (Even if you carefully verify all the opcodes, you are still
	vulnerable to a "return-to-libc" style attack)