[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: Survey of lua sandboxes?
- From: Sam Roberts <vieuxtech@...>
- Date: Tue, 27 Dec 2011 13:14:45 -0800
On Mon, Dec 26, 2011 at 3:11 PM, David Favro <firstname.lastname@example.org> wrote:
> On 12/26/2011 03:31 PM, Gé Weijers wrote:
>> What comes to mind in sandboxing Lua:
>> * disable the code path that loads compiled VM code altogether, in the Lua
>> C source. The small CPU time savings are not worth the risk when you're
>> about to run potentially malicious code.
> Likewise for the first point, providing that you're willing to also disallow
> loading of uncompiled source code, which might often be the case in
> sandboxed contexts.
Perhaps you are not aware that maliciously constructed compiled code
can be used to segfault the interpreter, so a careful attacker could
probably execute arbitrary code. See conversations in the archive.
How careful your sandbox has to be depends on the threat model, how
important what you
are trying to protect is, and whether you are protecting from active
or just inadvertent misuse.