Re: Bytecode: Safe or not? / luac manual

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Bytecode: Safe or not? / luac manual
From: Sean Conner <sean@...>
Date: Tue, 1 Nov 2011 16:18:31 -0400

It was thus said that the Great Peter Cawley once stated:
> On Tue, Nov 1, 2011 at 8:09 PM, Sean Conner <sean@conman.org> wrote:
> > Even if you carefully verify all the opcodes, you are still
> > vulnerable to a "return-to-libc" style attack.
> 
> And what exactly is the Lua equivalent to return-to-libc?

  I haven't bothered to study the Lua VM opcodes, so I can't say.  But the
"return-to-libc" attack is (in my opinion) an incredible "out of the box"
style thinking to executing arbitrary code.

  -spc (And it doesn't have to be exactly "return-to-libc", just a way of
	constructing a call-return stack to execute code that might
	otherwise be rejected ... )

References:
- Re: Bytecode: Safe or not? / luac manual, Stefan Reich
- Re: Bytecode: Safe or not? / luac manual, Rob Kendrick
- Re: Bytecode: Safe or not? / luac manual, Stefan Reich
- Re: Bytecode: Safe or not? / luac manual, Sean Conner
- Re: Bytecode: Safe or not? / luac manual, Peter Cawley

Prev by Date: Re: Bytecode: Safe or not? / luac manual
Next by Date: Re: Bytecode: Safe or not? / luac manual
Previous by thread: Re: Bytecode: Safe or not? / luac manual
Next by thread: Re: Bytecode: Safe or not? / luac manual
Index(es):
- Date
- Thread