[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: Lua exposure to C vulnerabilities?
- From: Tim Hume <tim@...>
- Date: Mon, 19 Sep 2016 08:38:10 +1000 (AEST)
I'd expect that if your C library has security issues, then using Lua or
anything else that interfaces to that library will not protect you. For
example, if your C code has buffer overflows, it doesn't matter how it is
called - the overflow is there and will potentially cause you grief when
the code is run. You'll need to fix up your C code.
On Sun, 18 Sep 2016, Russell Haley wrote:
Thanks Florian. So does interfacing a C library (written poorly by me!)
with Lua protect me from potential vulnerabilities in that library?
Sent from my BlackBerry 10 smartphone on the Virgin Mobile network.
Original Message From: Florian Weimer Sent: Sunday, September 18, 2016
11:19 AM To: email@example.com Reply To: Lua mailing list Subject: Re:
Lua exposure to C vulnerabilities?
* Russell Haley:
I have understood that some languages written in C suffer from
security vulnerabilities inherent in the host language.
That's only true for languages which provide access to the C type
system or something closely related (C++ is the prime example). Lua
does not do this.