lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Am 14.09.2016 um 02:18 schrieb Soni L.:

On 13/09/16 09:04 PM, Peter Cawley wrote:
Yes, it is known, and credible. Defence is to not load untrusted bytecode, or to build your sandboxes at the OS level rather than the Lua level. is another link you might be interested in.

On Wednesday, 14 September 2016, tst2005 < <>> wrote:


    I would like to know if the bug/vulnerability is already known ?
    Is there a CVE number ?
    I'm still trying to reproduce, but it seems credible.


Sign/encrypt your bytecode.
encrypting would not necessarily enhance security above signing, but it hides the script's logic