Re: The security of function load

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: The security of function load
From: Rena <hyperhacker@...>
Date: Wed, 23 Sep 2020 17:11:29 -0400

On Wed, Sep 23, 2020 at 4:24 PM Yongheng Chen <changochen1@gmail.com> wrote:
>
> The function load accepts a binary chunk as argument. I wonder if is it memory-safe against malformed binary chunks? I couldn’t find related materials about it.
>
>
>
> Best,
>
> Yongheng Chen
>
>

It is not. Previous efforts to harden it against such attacks proved
more work than it was worth. You can prevent loading binary chunks
entirely, but in general you must trust the code being loaded.

-- 
Sent from my Game Boy.

Follow-Ups:
- RE: The security of function load, Yongheng Chen
- Re: The security of function load (+ some remarks on fuzzing), nobody

References:
- The security of function load, Yongheng Chen

Prev by Date: The security of function load
Next by Date: RE: The security of function load
Previous by thread: The security of function load
Next by thread: RE: The security of function load
Index(es):
- Date
- Thread