lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


lua.c collectargs seems to assume that argv has at least one element
(the binary's name, by convention). As people have recently
(re)discovered, some OSes (e.g. Linux) don't guarantee that [0] which
enables up some attack vectors [1]. I don't think many people run
standalone Lua setuid, but you might want to check for this anyway for

Best regards,