- Subject: Re: future of bytecode verifier
- From: Luiz Henrique de Figueiredo <lhf@...>
- Date: Thu, 5 Mar 2009 11:42:34 -0300
> 1) I load untrusted code which runs loadstring on evil bytecode that can
> hack my machine.
In this case, you use the load function, not loadstring. The new load function
would have a flag to say whether to reject bytecode.
> 2) I load trusted code which runs loadstring on nice bytecode that performs
> useful things.
You use loadstring as usual.
> Will it still be able to load bytecode, so we will have to hook it manually
> to disable it for evil code, like this:
> local _loadstring = loadstring
> function loadstring(src, name)
>   if src:byte(1) == 27 then
>     return _loadstring(src, name)
Yes, that could work as well. And can be done today.
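
An added example, not part of the original message or of Lua itself: one way to write the manual hook discussed above so that it rejects precompiled chunks, covering both loadstring and the reader-function form of load. The names `safe_loadstring`, `safe_load` and `reader_over` are hypothetical, and the sample chunk is constructed.

```lua
-- Added example, not from the original thread; written for Lua 5.1.
local ESC = 27                              -- first byte of a precompiled chunk ("\27Lua")
local raw_loadstring = loadstring or load   -- Lua 5.2+ has only load
local raw_load = load

-- String chunks: refuse anything that starts with the signature byte.
local function safe_loadstring(src, name)
  if type(src) ~= "string" then
    return nil, "chunk must be a string"
  end
  if src:byte(1) == ESC then
    return nil, "precompiled chunks are not allowed"
  end
  return raw_loadstring(src, name)
end

-- Reader chunks: load() calls the reader repeatedly for pieces, so the
-- check is made on the first piece, which is then replayed to the real
-- loader before the remaining pieces are passed through.
local function safe_load(reader, name)
  local first = reader()
  if type(first) == "string" and first:byte(1) == ESC then
    return nil, "precompiled chunks are not allowed"
  end
  local replayed = false
  return raw_load(function()
    if not replayed then
      replayed = true
      return first
    end
    return reader()
  end, name)
end

-- Constructed inputs: a source chunk and the same chunk precompiled.
local text = "return 1 + 1"
local binary = string.dump(raw_loadstring(text))

local function reader_over(pieces)          -- hypothetical helper for the demo
  local i = 0
  return function() i = i + 1; return pieces[i] end
end

assert(safe_loadstring(text)() == 2)        -- source text still loads
assert(safe_loadstring(binary) == nil)      -- bytecode string is refused
assert(safe_load(reader_over({ "return ", "1 + 1" }))() == 2)
assert(safe_load(reader_over({ binary:sub(1, 4), binary:sub(5) })) == nil)
```

To confine untrusted code, these wrappers replace the originals in the environment that code runs in. In Lua 5.2 and later, the `mode` argument of `load` (`"t"` for text only) provides this check as a built-in flag.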