[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit
- From: Roberto Ierusalimschy <roberto@...>
- Date: Tue, 7 Dec 2021 15:05:06 -0300
> On the other hand, according to Roberto, It seems that there must be a
> huge( radical ) fix.
> I don't know what will happen, but it's nice time to discuss about
> finalizer logic, I think.
I don't think it is a huge or radical fix. It is just something
that can break compatibility, if a program does something fancy
with the GC inside a finalizer. (I am not sure what that could be :-)
Otherwise, it is a local and small fix.
It is interesting to note that one 'collectgarbage' functionality
already does not work when called from a finalizer, and apparently
nobody cared. :-)