Re: Security considerations around package.{path,cpath}

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Security considerations around package.{path,cpath}
From: Francisco Olarte <folarte@...>
Date: Sat, 3 Dec 2022 09:43:00 +0100

Sean:

On Fri, 2 Dec 2022 at 23:46, Sean Conner <sean@conman.org> wrote:

>   Also, malicious code could always modify package.path and package.cpath to
> include the current directory.

(Not properly sandboxed) RUNNING malicious code does not have to
resort to these to wreak havoc.

FOS.

References:
- Security considerations around package.{path,cpath}, Augusto Stoffel
- Re: Security considerations around package.{path,cpath}, Sean Conner

Prev by Date: Re: Upgrading Lua 5.4.2 to 5.4.3+ in a C++ project leads to PANIC
Next by Date: Re: Security considerations around package.{path,cpath}
Previous by thread: Re: Security considerations around package.{path,cpath}
Next by thread: Re: Security considerations around package.{path,cpath}
Index(es):
- Date
- Thread