lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


> I am not sure what that was supposed to demonstrate. Yes, it is not a
> pathname, which makes this subject to an implementation-defined limit,
> and all of Lua, Perl and Python let their users exceed the limit and
> crash the process.
> 
> Since this is currently not listed as a bug in Lua, this is apparently
> believed to be correct behavior. Why then was it a completely
> different story with io.popen?

1) The issue with io.open is a well documented restriction, while
the issue with loadlib seems to be a bug in libc/dlopen.

2) An invalid mode for popen seems like a realistic mistake; a name
with 10e7 characters to loadlib seems possible only with malice.

3) loadlib is inherently low-level and unsafe, so this issue is just one
more way to use that function to crash the program when malice is in the
equation:

  > package.loadlib("/lib/x86_64-linux-gnu/libc.so.6", "memcpy")()
  Segmentation fault (core dumped)

-- Roberto