Re: Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit
From: Roberto Ierusalimschy <roberto@...>
Date: Tue, 7 Dec 2021 15:05:06 -0300

> On the other hand, according to Roberto, It seems that there must be a
> huge( radical ) fix.
> I don't know what will happen, but it's nice time to discuss about
> finalizer logic, I think.

I don't think it is a huge or radical fix. It is just something
that can break compatibility, if a program does something fancy
with the GC inside a finalizer. (I am not sure what that could be :-)
Otherwise, it is a local and small fix.

It is interesting to note that one 'collectgarbage' functionality
already does not work when called from a finalizer, and apparently
nobody cared. :-)

-- Roberto

Follow-Ups:
- Re: Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit, 김지회

References:
- Re: Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit, 김지회
- Re: Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit, Roberto Ierusalimschy
- Re: Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit, Viacheslav Usov
- Re: Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit, 김지회

Prev by Date: Re: Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit
Next by Date: Re: Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit
Previous by thread: Re: Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit
Next by thread: Re: Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit
Index(es):
- Date
- Thread