lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Hi Russ,

I'd expect that if your C library has security issues, then using Lua or anything else that interfaces to that library will not protect you. For example, if your C code has buffer overflows, it doesn't matter how it is called - the overflow is there and will potentially cause you grief when the code is run. You'll need to fix up your C code.



On Sun, 18 Sep 2016, Russell Haley wrote:

Thanks Florian. So does interfacing a C library (written poorly by me!) with Lua protect me from potential vulnerabilities in that library?


Sent from my BlackBerry 10 smartphone on the Virgin Mobile network.
  Original Message From: Florian Weimer Sent: Sunday, September 18, 2016 11:19 AM To: Reply To: Lua mailing list Subject: Re: Lua exposure to C vulnerabilities?

* Russell Haley:

I have understood that some languages written in C suffer from
security vulnerabilities inherent in the host language.

That's only true for languages which provide access to the C type
system or something closely related (C++ is the prime example). Lua
does not do this.