Re: Lua 5.4.4 Sandbox Escaping & Type confusion caused by the absence of type check

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Lua 5.4.4 Sandbox Escaping & Type confusion caused by the absence of type check
From: Andrew Gierth <andrew@...>
Date: Tue, 26 Oct 2021 03:18:20 +0100

[CC'ing back to the list]

>>>>> "woosun" == woosun Kang <kws981924@gmail.com> writes:

 woosun> Thanks for your reply.
 woosun> In fact, I have seen reports of crashes using the debug
 woosun> function in CVE-2020-15945. So I must have misunderstood that
 woosun> Lua was getting reports of crashes with debug functions. I’m
 woosun> sorry.

That CVE refers to a case where one of the debug functions did have a
real bug, and would crash in some circumstances even when used in a way
that ought to have been safe.

The difference in the case you reported is that the debug functions you
used all did exactly what they were supposed to do, it's just that you
used them to alter the interpreter state in an unsafe manner.

-- 
Andrew.

References:
- Lua 5.4.4 Sandbox Escaping & Type confusion caused by the absence of type check, 강우선_4522
- Re: Lua 5.4.4 Sandbox Escaping & Type confusion caused by the absence of type check, Andrew Gierth

Prev by Date: Re: Lua 5.4.4 Sandbox Escaping & Type confusion caused by the absence of type check
Next by Date: deadline replacement
Previous by thread: Re: Lua 5.4.4 Sandbox Escaping & Type confusion caused by the absence of type check
Next by thread: deadline replacement
Index(es):
- Date
- Thread