Re: tostring userdata

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: tostring userdata
From: Roberto Ierusalimschy <roberto@...>
Date: Wed, 3 Jul 2019 10:51:27 -0300

> While we are on this subject, giving Lua scripts access to the pointer
> address to something in memory is a needless footstool to breaking out of a
> sandbox and potentially taking over an application.

1) I disagree this is "needless". I find it useful.

2) After your explanations, I still fail to see how this is a
"footstool". If we assume poorly written libraries, anything
can be dangerous.

3) If you really think this is dangerous, it just got worse :-)

  $ lua
  Lua 5.4.0  Copyright (C) 1994-2019 Lua.org, PUC-Rio
  > string.format("%p", {})
  0x2108f70

(After several requests for a "rawtostring".)


> It'd be more secure if
> Lua assigned an instance counter to userdata and printed that. A new
> __instance metamethod could complement the __name one to allow customizing.

It'd would also be slower. It'd would also increase the memory overhead
for userdata. And why only userdata? Any memory address might be
in danger (strings spring to mind), once we assume poorly written
libraries.

Moreover, there are some problems with such global counter. (We just
had this discussion on this list, about numbering string instances.)
Not to mention your own argument regarding light userdata.

-- Roberto

Follow-Ups:
- Re: tostring userdata, Patrick Donnelly

References:
- Re: tostring userdata, Patrick Donnelly

Prev by Date: Re: Non-linear lexical scoping (again) and an idea about __unset
Next by Date: What's the status of the old idea "variable metatable" (original per-value metatable)?
Previous by thread: Re: tostring userdata
Next by thread: Re: tostring userdata
Index(es):
- Date
- Thread