[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Reentrant GC
- From: Pierre Chapuis <catwell@...>
- Date: Tue, 27 Nov 2018 11:43:42 +0100
On Tue, Nov 27, 2018, at 10:29, Soni L. wrote:
I am concerned about an attacker setting a __gc metamethod that loops forever and can't be broken.
So this is more about debug hooks not running during `__gc` then?
This is a very real problem that has existed for a very long time [1].
I don't know another solution than not allowing untrusted users to set `__gc`.
All sandboxes I know about (including those implemented in C) that do and
don't do something very violent like spawning a thread and killing it after some
time when unresponsive are somehow vulnerable to this.
--
Pierre Chapuis
