[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: Reentrant GC
- From: Pierre Chapuis <catwell@...>
- Date: Tue, 27 Nov 2018 12:04:55 +0100
Yes maybe, I meant with stock Lua.
On Tue, Nov 27, 2018, at 11:49, Soni L. wrote:
The another solution is a reentrant/recursive GC, as far as I know.
On Tue, Nov 27, 2018, at 10:29, Soni L. wrote:
I am concerned about an attacker setting a __gc metamethod that loops forever and can't be broken.
So this is more about debug hooks not running during `__gc` then?
This is a very real problem that has existed for a very long time .
I don't know another solution than not allowing untrusted users to set `__gc`.
All sandboxes I know about (including those implemented in C) that do and
don't do something very violent like spawning a thread and killing it after some
time when unresponsive are somehow vulnerable to this.