lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

--- In lua-l@y..., Adolf Mathias <dolfi@z...> wrote:
> The compiler is in a position to (theoretically) construct VM code 
> that is safe.Safe in a sense that it doesn't, say, do things or call
> functions that it's not supposed to. This is not the case with
> precompiled code in a string, since it can contain about anything 
> that the VM can do. 
> <paranoia mode on>
> The only place for precompiled code that resides in memory is in a 
> data type that has no other access possibilities but execution and 
> might have some cryptographic signature in order to prove that it  
> has not been altered in some way.
> <paranoia mode off>

Beg to disgree here. Security vetting of code does not belong in the 
compiler. It belongs in the VM, or more properly, in the external 
functions available to the VM. If you want secure file IO for 
instance, the way to implement it is not to add an extra verification 
pass to the interpreter (what for?) but to ensure that the only Lua-
callable file IO functions available to that particular Lua instance 
contain verification routines (eg user/password checks). This is one 
of the strong points of Lua as it exists, that the Lua core comes 
with very few intrinsic functions; everything including IO is located 
in external libraries. 

The only difference between bytecode and source code is (or should 
be) compactness of representation, and differences due to 
optimization, macro expansion etc. Source code is basically human-
readable bytecode. 

Cheers, Elliott