lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

The another solution is a reentrant/recursive GC, as far as I know.

On Tue, Nov 27, 2018, 08:44 Pierre Chapuis < wrote:
On Tue, Nov 27, 2018, at 10:29, Soni L. wrote:
I am concerned about an attacker setting a __gc metamethod that loops forever and can't be broken.

So this is more about debug hooks not running during `__gc` then?

This is a very real problem that has existed for a very long time [1].
I don't know another solution than not allowing untrusted users to set `__gc`.

All sandboxes I know about (including those implemented in C) that do and
don't do something very violent like spawning a thread and killing it after some
time when unresponsive are somehow vulnerable to this.


Pierre Chapuis