Re: Are function environments now secure?

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Are function environments now secure?
From: Dong Feng <middle.fengdong@...>
Date: Sun, 2 Jun 2013 21:00:56 +0800

I don't think function environment is less temper-proof. Sure you can
modify it through something like debug.getupvalue for which you can
not do with the old "env". But that is pointless in terms of security
because what an attacker can put into _ENV is what the attacker
already has. The point of having a secured _ENV is to prevent the
attacker from getting what he does not have, rather than forbid one
from putting what he already has to anywhere.

2013/6/2 Dirk Laurie <dirk.laurie@gmail.com>:
> Now that getfenv is finally dead and buried, is the function
> environment tamper-proof against anything short of
> debug.getupvalue?
>

References:
- Are function environments now secure?, Dirk Laurie

Prev by Date: Re: documentation
Next by Date: Re: Are function environments now secure?
Previous by thread: Are function environments now secure?
Next by thread: Re: Are function environments now secure?
Index(es):
- Date
- Thread