[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: Bytecode: Safe or not? / luac manual
- From: Sean Conner <sean@...>
- Date: Tue, 1 Nov 2011 16:18:31 -0400
It was thus said that the Great Peter Cawley once stated:
> On Tue, Nov 1, 2011 at 8:09 PM, Sean Conner <firstname.lastname@example.org> wrote:
> > Even if you carefully verify all the opcodes, you are still
> > vulnerable to a "return-to-libc" style attack.
> And what exactly is the Lua equivalent to return-to-libc?
I haven't bothered to study the Lua VM opcodes, so I can't say. But the
"return-to-libc" attack is (in my opinion) an incredible "out of the box"
style thinking to executing arbitrary code.
-spc (And it doesn't have to be exactly "return-to-libc", just a way of
constructing a call-return stack to execute code that might
otherwise be rejected ... )