[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Suggestion: Lua 5.3 -- a facility for creating and manipulting Lua file handles (C API)
- From: Coda Highland <chighland@...>
- Date: Fri, 15 Nov 2013 16:38:44 -0800
On Fri, Nov 15, 2013 at 3:59 PM, Sir Pogsalot <sir.pogsalot@gmail.com> wrote:
> In response to Coda:
>
> I don't agree that opening up file handle creation to the C side of Lua
> would mean we have to forgo an appropriate level of security. Lua does have
> a fair bit of type checking code to make sure its receiving file handles in
> the io library... The easiest way to fool it is to take any userdata you
> want and set the metatable to the "FILE*" table in the registry -- if you
> use the right io function you can cause a segfault if it looks at
> non-existent members of the userdata. This would be easier in Lua 5.1
> because you have newproxy() to create a zero-sized userdata. :-) Still --
> *SECURITY* :D
Oh sure, but that's not what I was talking about. Exposing access to
the filesystem with generic functions gives the script full access to
everything that the user it's running under can access. That's a far
bigger security vulnerability than allowing a user to monkey-patch
opening a file in the first place. If you're not worried about opening
arbitrary files, then allowing extensions to open() really isn't a big
deal by comparison.
/s/ Adam
