[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Turn off LUA_USE_DLOPEN on iOS
- From: Nagaev Boris <bnagaev@...>
- Date: Tue, 14 Mar 2017 09:50:49 +0000
On Tue, Mar 14, 2017 at 9:35 AM, 云风 Cloud Wu <cloudwu@gmail.com> wrote:
>
>
> Nagaev Boris <bnagaev@gmail.com>于2017年3月14日周二 下午5:00写道:
>>
>> If I understand the thread correctly, it applies only to the app store
>> and only to cases when code "passes arbitrary parameters". It is not
>
>
> In lua, the code "passes arbitrary parameters" to dlopen/dlsym, because we
> can pass any string from the script. I guess Apple use a static analysis
> tool to review the apps submitted to the App Store.
Most scripts pass a fixed set of strings to dlopen/dlsym (modules they
require). If the static analysis tool doesn't understand this, it is
not a problem of the app.
>> equal to banning this function on whole the platform. If the code is
>> not put to the app store or if dlopen is used to open DLL which is a
>> part of the same app, it seems OK from the thread. Which is not OK
>> from the thread is downloading DLL from remote servers and loading
>> them to the app.
>
>
> The mostly app on iOS platform would put on to the app store, so I think
> turn off LUA_USE_DLOPEN on iOS by default would be better.
I know people using that platform and running Lua scripts manually.
Turning off LUA_USE_DLOPEN would make difficulties to their workflow.
--
Best regards,
Boris Nagaev
