lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


The another solution is a reentrant/recursive GC, as far as I know.

On Tue, Nov 27, 2018, 08:44 Pierre Chapuis <catwell@archlinux.us wrote:
On Tue, Nov 27, 2018, at 10:29, Soni L. wrote:
I am concerned about an attacker setting a __gc metamethod that loops forever and can't be broken.

So this is more about debug hooks not running during `__gc` then?

This is a very real problem that has existed for a very long time [1].
I don't know another solution than not allowing untrusted users to set `__gc`.

All sandboxes I know about (including those implemented in C) that do and
don't do something very violent like spawning a thread and killing it after some
time when unresponsive are somehow vulnerable to this.

[1] https://github.com/lua/lua/commit/6c79a0a80d517354dcc19a1ef64569fba9b19365#diff-8ea37271806c5efe3d7bbb83e67046d1R244

-- 
Pierre Chapuis