Re: Lua exposure to C vulnerabilities?

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Lua exposure to C vulnerabilities?
From: Tim Hume <tim@...>
Date: Mon, 19 Sep 2016 08:38:10 +1000 (AEST)

Hi Russ,

I'd expect that if your C library has security issues, then using Lua oranything else that interfaces to that library will not protect you. Forexample, if your C code has buffer overflows, it doesn't matter how it iscalled - the overflow is there and will potentially cause you grief whenthe code is run. You'll need to fix up your C code.


Cheers,

Tim.

On Sun, 18 Sep 2016, Russell Haley wrote:

Thanks Florian. So does interfacing a C library (written poorly by me!)with Lua protect me from potential vulnerabilities in that library?
Russ

Sent from my BlackBerry 10 smartphone on the Virgin Mobile network.
Original Message From: Florian Weimer Sent: Sunday, September 18, 201611:19 AM To: lua-l@lists.lua.org Reply To: Lua mailing list Subject: Re:Lua exposure to C vulnerabilities?
* Russell Haley:
I have understood that some languages written in C suffer from
security vulnerabilities inherent in the host language.
That's only true for languages which provide access to the C type
system or something closely related (C++ is the prime example). Lua
does not do this.

Follow-Ups:
- Re: Lua exposure to C vulnerabilities?, Soni L.
- Re: Lua exposure to C vulnerabilities?, Roberto Ierusalimschy

References:
- Lua exposure to C vulnerabilities?, Russell Haley
- Re: Lua exposure to C vulnerabilities?, Florian Weimer
- Re: Lua exposure to C vulnerabilities?, Russell Haley

Prev by Date: Re: Lua exposure to C vulnerabilities?
Next by Date: Re: Lua exposure to C vulnerabilities?
Previous by thread: Re: Lua exposure to C vulnerabilities?
Next by thread: Re: Lua exposure to C vulnerabilities?
Index(es):
- Date
- Thread