- Subject: Re: Soundness of table.sort
- From: Coda Highland <chighland@...>
- Date: Thu, 5 Nov 2015 09:49:36 -0800
On Thu, Nov 5, 2015 at 9:47 AM, Roberto Ierusalimschy
<roberto@inf.puc-rio.br> wrote:
>> Alternatively, the attached is based on "A Killer Adversary for
>> Quicksort". At least for 2^8, it ends up finding a remarkably similar
>> bad-case input:
>>
>> [...]
>
> This is a quite different beast. If you allow the attacker to choose
> the comparison function, all bets are off.
>
> -- Roberto
>
Quite, and trivially so: That's an untrusted code execution, plain and
simple. It can do anything the attacker wants. Finding a way to sneak
it into the sort function is, at most, an attempt to obfuscate the
payload.
/s/ Adam