Re: Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit

lua-l archive

Subject: Re: Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit
From: 김지회 <pascal4847@...>
Date: Sun, 5 Dec 2021 10:28:41 +0900

forbid any GC operation while running a finalizer.
-- Roberto



Oh, that way can solve the problem, obviously.

And, Yes. The patch will be semantically right because finalizers arenot devised to call GC inside of itself as you said.


I think the patch leads to quite a lot of  change in source code.... :-(

Thank you for the deep consideration of this problem.

By the way, If you plan the patch to be applied in version 5.4.5 orlater, may I report this crash into MITRE?



--Regards, Jihoi.

Follow-Ups:
- Re: Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit, Roberto Ierusalimschy

References:
- Re: Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit, 김지회
- Re: Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit, Roberto Ierusalimschy