Re: Lua exposure to C vulnerabilities?

["Soni L." <fakedme@...>]

On 18/09/16 07:38 PM, Tim Hume wrote:
> Hi Russ,
>
> I'd expect that if your C library has security issues, then using Lua 
> or anything else that interfaces to that library will not protect you. 
> For example, if your C code has buffer overflows, it doesn't matter 
> how it is called - the overflow is there and will potentially cause 
> you grief when the code is run. You'll need to fix up your C code.
>
> Cheers,
>
> Tim.
>
> On Sun, 18 Sep 2016, Russell Haley wrote:
>
> > Thanks Florian. So does interfacing a C library (written poorly by 
> > me!) with Lua protect me from potential vulnerabilities in that library?
> >
> > Russ
> >
> > Sent from my BlackBerry 10 smartphone on the Virgin Mobile network.
> >   Original Message From: Florian Weimer Sent: Sunday, September 18, 
> > 2016 11:19 AM To: lua-l@lists.lua.org Reply To: Lua mailing list 
> > Subject: Re: Lua exposure to C vulnerabilities?
> >
> > * Russell Haley:
> >
> > > I have understood that some languages written in C suffer from
> > > security vulnerabilities inherent in the host language.
> >
> > That's only true for languages which provide access to the C type
> > system or something closely related (C++ is the prime example). Lua
> > does not do this.

So, like, an io.open with a very large filename could allow arbitrary 
code execution? O_o

--
Disclaimer: these emails may be made public at any given time, with or without reason. If you don't agree with this, DO NOT REPLY.