[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Security of the Lua implementation?
- From: Bennett Todd <bet@...>
- Date: Tue, 8 Sep 1998 10:58:34 -0400
I'm considering applying Lua to a current project of mine: rewriting procmail.
The goal is to produce something with similar functionality and performance to
procmail, but with a much simpler, clearer, more elegant configuration
language (Lua would certainly win there!) and a simple, clear, easy-to-audit
implementation. Has anyone looked at the source code to the Lua interpreter
with an eye to security? The reason it's such a critical issue is that one
wants to make data from headers and perhaps the body of the email message
available to the Lua code, and since random (and hence potentially hostile)
strangers can specify that content, the language must not fail in any
unexpected way when presented with unusual content. Offhand, Lua's
counted-arbitrary-binary-strings implementation sounds promising that