On Wed, May 8, 2019 at 1:07 AM Egor Skriptunoff wrote:
This way, untrusted code could successfully dump and load your_function() without being able to extract any info about it.
I foresee the question: "Isn't it dangerous to allow untrusted code to load arbitrary bytecode?"
Yes. Maliciously crafted bytecode could crash the interpreter.
But on the other side, if a sandbox is unable to run arbitrary Lua code, it is not a good sandbox.
The solution might be to append hash(pwd+bytecode) to every bytecode produced by your string.dump().
If your load() confirmed that the hash is correct, then this bytecode could be safely loaded.
This way untrusted code could load bytecodes that were previously dumped, but not crafted.
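
The scheme described in the message above, modelled in Python as an added example (not code from the original post or from the Lua project). It uses HMAC-SHA256 rather than a plain hash(pwd+bytecode), a keyed MAC being the standard construction for this kind of tag; the class name, key handling and sample bytes are assumptions.

```python
import hashlib
import hmac
import os

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


class SignedDumper:
    """Host-side wrappers standing in for the sandbox's string.dump() and load()."""

    def __init__(self, key=None):
        # Secret held by the host only; untrusted code never sees it.
        self._key = key if key is not None else os.urandom(32)

    def _tag(self, bytecode):
        return hmac.new(self._key, bytecode, hashlib.sha256).digest()

    def dump(self, bytecode):
        """Return the blob handed to untrusted code: bytecode followed by its tag."""
        return bytecode + self._tag(bytecode)

    def load(self, blob):
        """Return the bytecode if the tag verifies, otherwise None."""
        if len(blob) < TAG_LEN:
            return None
        bytecode, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
        # compare_digest avoids leaking how many tag bytes matched.
        if not hmac.compare_digest(tag, self._tag(bytecode)):
            return None
        return bytecode  # only now would the host pass it to the real loader


# Constructed sample: placeholder bytes standing in for string.dump() output.
SAMPLE_BYTECODE = b"\x1bLua" + bytes(range(16))


def demo():
    host = SignedDumper(key=b"k" * 32)  # fixed key so the run is repeatable
    blob = host.dump(SAMPLE_BYTECODE)
    tampered = bytes([blob[0] ^ 0x01]) + blob[1:]  # one bit changed after dumping
    crafted = SAMPLE_BYTECODE + b"\x00" * TAG_LEN  # blob built without the key
    return {
        "round_trip": host.load(blob) == SAMPLE_BYTECODE,
        "tampered": host.load(tampered),
        "crafted": host.load(crafted),
        "truncated": host.load(blob[:10]),
        "other_key": SignedDumper(key=b"z" * 32).load(blob),
    }
```

Only blobs produced by this host's dump() pass load(); modified, truncated or keyless blobs are rejected before they reach the bytecode loader.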