lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

On Thu, Mar 5, 2009 at 6:06 AM, Ralph Hempel
<> wrote:
> John Hind wrote:
>> This approach makes Lua "safe by default" and anyone implementing bytecode
>> support is made responsible for the integrity of the bytecodes between
>> write
>> and read operations (for example by restricting to a protected store, or
>> even by implementing cryptographic signing).
> Strongly agree.

Lua isn't "safe by default" now. By default, it exposes the debug
library, and os.execute(). I like that. Running code of unknown
provenance, byte or string, is unsafe by its very nature.