Re: Turn off LUA_USE_DLOPEN on iOS

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Turn off LUA_USE_DLOPEN on iOS
From: Hisham <h@...>
Date: Wed, 15 Mar 2017 22:53:09 -0300

On 14 March 2017 at 06:50, Nagaev Boris <bnagaev@gmail.com> wrote:
> On Tue, Mar 14, 2017 at 9:35 AM, 云风 Cloud Wu <cloudwu@gmail.com> wrote:
>>
>>
>> Nagaev Boris <bnagaev@gmail.com>于2017年3月14日周二 下午5:00写道：
>>>
>>> If I understand the thread correctly, it applies only to the app store
>>> and only to cases when code "passes arbitrary parameters". It is not
>>
>>
>> In lua, the code "passes arbitrary parameters" to dlopen/dlsym, because we
>> can pass any string from the script. I guess Apple use a static analysis
>> tool to review the apps submitted to the App Store.
>
> Most scripts pass a fixed set of strings to dlopen/dlsym (modules they
> require). If the static analysis tool doesn't understand this, it is
> not a problem of the app.

Requiring a module from Lua with a fixed string will still translate
to a dlopen() with a variable argument in the Lua interpreter loop. So
yeah, I wouldn't expect a static analyzer to catch that.

-- Hisham

References:
- Turn off LUA_USE_DLOPEN on iOS, 云风 Cloud Wu
- Re: Turn off LUA_USE_DLOPEN on iOS, Nagaev Boris
- Re: Turn off LUA_USE_DLOPEN on iOS, 云风 Cloud Wu
- Re: Turn off LUA_USE_DLOPEN on iOS, Nagaev Boris

Prev by Date: Re: Lua in Moscow 2017: live video feed tomorrow (mostly in English)
Next by Date: Re: When is multiple assignment good style?
Previous by thread: Re: Turn off LUA_USE_DLOPEN on iOS
Next by thread: luaL_Buffer use question
Index(es):
- Date
- Thread