Re: lua bytecode and sandbox evasion ?

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: lua bytecode and sandbox evasion ?
From: Roberto Ierusalimschy <roberto@...>
Date: Wed, 14 Sep 2016 11:09:41 -0300

> Yes, it is known, and credible. Defence is to not load untrusted bytecode,
> or to build your sandboxes at the OS level rather than the Lua level.

Note that Lua 5.2 introduced the parameter 'mode' in 'load' and
'loadfile', which allows us to prevent the execution of bytecodes.

-- Roberto

References:
- lua bytecode and sandbox evasion ?, tst2005
- Re: lua bytecode and sandbox evasion ?, Peter Cawley

Prev by Date: Re: many beautiful things
Next by Date: Re: Programming in Lua, fourth edition
Previous by thread: Re: lua bytecode and sandbox evasion ?
Next by thread: Re: Programming in Lua, fourth edition
Index(es):
- Date
- Thread