Re: Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit
From: Roberto Ierusalimschy <roberto@...>
Date: Sat, 4 Dec 2021 15:45:33 -0300

Thinking about all the cases,  I would consider a more radical
solution. Maybe we should forbid any GC operation while running
a finalizer. As we discussed several times in the past, finalizers
should be used to free resources that cannot be freed by the GC;
period. The less they should do, the better. But that can be a
too radical change for a bug-fix release.

-- Roberto

Follow-Ups:
- Re: Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit, 김지회
- Re: Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit, Viacheslav Usov
- Re: Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit, Egor Skriptunoff

References:
- Re: Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit, 김지회

Prev by Date: Re: [ANN] el - an interactive shell-friendly form of Lua
Next by Date: Re: Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit
Previous by thread: Re: Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit
Next by thread: Re: Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit
Index(es):
- Date
- Thread