lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Alexander Chernoskutov:

Could someone please assess, is this bug exploitable from the security point of view? Is it possible to potentially escape the interpreter and run arbitrary code (on a system with no memory protection), or memory corruption is unpredictable?

This can likely be used to get arbitrary code execution with a prepared heap memory layout. However, when allowing untrusted code to load binary Lua chunks, they can get arbitrary code execution in other (easier) ways too. Therefore, sandboxes that already disabled the loading of binary Lua chunks for security should not be affected.