[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: future of bytecode verifier
- From: Javier Guerra <javier@...>
- Date: Thu, 5 Mar 2009 10:28:45 -0500
On Thu, Mar 5, 2009 at 9:49 AM, John Hind <firstname.lastname@example.org> wrote:
> Now you really have me confused! Surely most Lua apps accept "arbitrary user
> code"? After all it is a configuration and customisation language and this
> is the whole point. Sure, I guess most such apps do not *expect* to load
> binary files, but as long as they use the same input stream this will remain
> a possible attack vector. The main risk, as long as binary and text files
> use the same input stream, must be that an attacker replaces a Lua source
> file with his own binary file of the same name?
it's quite simple to be 'safe' when loading source code, just restrict
the available functions and (maybe) running time (to stop infinite
loops). when loading bytecode, OTOH, it's possible to hang the VM
itself. that's what the verifier tried to avoid.