- Subject: Re: Lua exposure to C vulnerabilities?
- From: Russell Haley <russ.haley@...>
- Date: Sun, 18 Sep 2016 17:36:51 -0700
I agree that fixing instability in one's code is best. However, the library is hypothetical. (Note: I only have a rudimentary understanding of these issues.) If my 'library' failed to do proper bounds checking and had the potential for buffer overruns (for example) when exposed to a network, would calling said library from Lua protect me?
Russ
Original Message
From: Tim Hume
Sent: Sunday, September 18, 2016 3:53 PM
To: Lua mailing list
Reply To: Lua mailing list
Subject: Re: Lua exposure to C vulnerabilities?
>
> So, like, an io.open with a very large filename could allow arbitrary code
> execution? O_o
>
>
Don't know about io.open, ... but the original poster said it was his own
C library he was interfacing. So who knows what could happen inside the C
library when the code is run from a Lua program, or anything else for that
matter? The solution is to fix the root cause of the problem.
Cheers,
Tim.
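Added example, not part of the original thread: a C sketch of the bounds-checking case discussed above, showing an unchecked copy beside a checked one. The `record` struct, `NAME_MAX_LEN` and both function names are hypothetical; the only assumption about Lua is that a binding would obtain the pointer and length with `luaL_checklstring`.

```c
#include <stddef.h>
#include <string.h>

#define NAME_MAX_LEN 16          /* hypothetical fixed buffer size */

struct record {
    char name[NAME_MAX_LEN];
    int  is_admin;               /* adjacent field an overrun would corrupt */
};

/* Unchecked form. Reaching this through a Lua binding changes nothing:
 * once the interpreter calls into C, the copy runs as native code and
 * Lua enforces no bounds on it. */
void record_set_name_unchecked(struct record *r, const char *src)
{
    strcpy(r->name, src);        /* overruns r->name when src needs > 16 bytes */
}

/* Checked form: fix at the root cause, inside the library.
 * The caller passes an explicit length (a Lua binding would get it from
 * luaL_checklstring). Returns 0 on success, -1 if the input is rejected. */
int record_set_name(struct record *r, const char *src, size_t len)
{
    if (r == NULL || src == NULL)
        return -1;
    if (len >= sizeof r->name)   /* must leave room for the terminator */
        return -1;
    /* Lua strings may contain embedded zeros; this sketch rejects them
     * so the stored C string always matches what the caller sent. */
    if (memchr(src, '\0', len) != NULL)
        return -1;
    memcpy(r->name, src, len);
    r->name[len] = '\0';
    return 0;
}

int main(void)
{
    struct record r = { "", 0 };
    /* Constructed inputs: one that fits, one that is one byte too long. */
    int ok  = record_set_name(&r, "alice", 5);
    int bad = record_set_name(&r, "0123456789abcdef", 16);
    return (ok == 0 && bad == -1 && r.is_admin == 0) ? 0 : 1;
}
```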