- Subject: Re: Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit
- From: 김지회 <pascal4847@...>
- Date: Wed, 8 Dec 2021 02:53:06 +0900
> I'd suggest considering another radical change. Instead of
> "finalizers", let a C library that creates user data supply a
> "destructor" that is called by GC just before a given datum is
> positively going to be deallocated. Essentially like a C++ destructor.
Well, I don't think the problem comes from the finalizer itself.
Instead, it comes from the fact that the finalizer function can call the garbage
collector (or even change its mode).
Obviously, your idea can get rid of this sort of problem quite well.
But I can't be sure that the great fix is worth patching. (It's just my
opinion.)
Personally, I love the feature of metatables and finalizers - it's
the charm of Lua!
On the other hand, according to Roberto, it seems that there must be a
huge (radical) fix.
I don't know what will happen, but it's a nice time to discuss the
finalizer logic, I think.
I think we can make another thread to discuss a patch for this problem.
By the way, if there are no objections to this vulnerability and crash
analysis, I'll report it to MITRE soon.
Maybe this mail thread is about to be closed.
Thank you for all your brilliant ideas and kind replies.
--Regards, Jihoi.
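The point made above, that a finalizer runs with the same access to the collector as any other function, can be seen directly from the sandbox side. The script below is an added example and is not from this thread or from the Lua project; it assumes Lua 5.4 and uses its own names (`sandbox_env`, `run_sandboxed`, `seen`). It shows that a `__gc` metamethod defined in the default environment resolves `collectgarbage` as a function, while one defined in a chunk loaded with an explicit `_ENV` that omits `collectgarbage` resolves it as `nil`. This is a mitigation a sandbox host can apply today; it does not change the interpreter-level finalizer logic that Roberto and the thread are discussing.

```lua
-- Added example (not from the thread): Lua 5.4 script contrasting what a
-- __gc finalizer can reach in the default environment versus in a sandbox
-- whose environment table omits collectgarbage. Names (sandbox_env,
-- run_sandboxed, seen) are this example's own.

local seen = {}   -- records what each finalizer could resolve

-- 1. Default environment: a finalizer looks up globals in the same _ENV
--    as any other function, so collectgarbage is a callable function here.
do
  local obj = setmetatable({}, {
    __gc = function()
      seen.default = type(collectgarbage)
    end,
  })
  obj = nil   -- clear the register so the object is truly unreachable
end
collectgarbage("collect")   -- full cycle; pending finalizers run at its end

-- 2. Sandboxed environment: untrusted source is loaded with an explicit
--    _ENV table. Functions defined inside the chunk, __gc metamethods
--    included, capture that _ENV as an upvalue, so any name absent from
--    the table (collectgarbage among them) resolves to nil.
local function sandbox_env(sink)
  return {
    type = type,
    setmetatable = setmetatable,
    seen = sink,
    -- collectgarbage, load, debug, os and io deliberately omitted
  }
end

local function run_sandboxed(src, sink)
  -- mode "t" rejects precompiled chunks, which could carry their own upvalues
  local chunk, err = load(src, "=untrusted", "t", sandbox_env(sink))
  if not chunk then return false, err end
  return pcall(chunk)
end

local untrusted = [[
  local t = setmetatable({}, { __gc = function()
    seen.sandbox = type(collectgarbage)   -- not present in this _ENV
  end })
  t = nil
]]
assert(run_sandboxed(untrusted, seen))
collectgarbage("collect")

print("default env: collectgarbage is " .. tostring(seen.default))
print("sandbox env: collectgarbage is " .. tostring(seen.sandbox))
```

Denying `collectgarbage` (and `debug`, `load`, `os`, `io`) in the sandbox's `_ENV` is the usual hardening for embedded Lua and limits what a finalizer can do from user code, but a finalizer still runs inside the collector's own cycle, so the interpreter-level fix the thread calls for remains the real remedy.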