lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

> lua.c collectargs seems to assume that argv has at least one element
> (the binary's name, by convention). As people have recently
> (re)discovered, some OSes (e.g. Linux) don't guarantee that [0] which
> enables up some attack vectors [1]. I don't think many people run
> standalone Lua setuid, but you might want to check for this anyway for
> correctness.

Many thanks for the report.

-- Roberto