- Subject: Re: tostring userdata
- From: Roberto Ierusalimschy <roberto@...>
- Date: Sun, 7 Jul 2019 11:11:38 -0300
> Is ASLR worth it or just some useless obfuscation we don't need to care
> about? I can't judge.

I may be completely wrong here, but as far as I know the main motivation
for ASLR was attacks like stack overflow in C. As far as I know, in
C it is trivial (actually a no-op) to take the address of anything:
functions, data structures, the stack, etc. So, if taking addresses were
really that big a problem, ASLR would be dead before starting.

The whole idea of ASLR was to avoid knowing addresses *before* being
able to execute code in the machine. Once you can execute code, things
get pretty hard.

For instance, I could agree with a complaint that an error message is
showing a memory address. That is something someone can provoke
and see from outside, without running their own code in the machine.

Attack-resistant sandboxes are hard and tricky (even with hardware
support!). The string library is particularly problematic, because
it provides the only functions that can be called even in an empty
environment, and these functions can greatly ease a DoS attack. (DoS
attacks in pure Lua can be stopped by debug hooks, but slow C functions
do not go through hooks.) Should we remove string methods too, in favor
of "better security"?
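
The point about hooks and the string library, as an added example that is not part of the original message: a minimal sandbox, assuming Lua 5.2 or later, in which a count hook stops a pure-Lua loop while string methods, still reachable from an empty environment through the shared string metatable, are swapped for a guarded copy during the untrusted call. `run_sandboxed`, `MAX_STEPS` and `MAX_REP` are hypothetical names and the limits are arbitrary.

```lua
-- Added example, not code from the Lua project. Assumes Lua 5.2 or later.
-- run_sandboxed, MAX_STEPS and MAX_REP are hypothetical names.
local MAX_STEPS = 1000000  -- VM instruction budget per untrusted chunk
local MAX_REP   = 10000    -- cap on the string.rep repeat count in the sandbox

-- Copy of the string library with a guarded rep. A count hook only fires
-- between VM instructions, so a C function has to be limited before it starts.
local guarded = {}
for name, fn in pairs(string) do guarded[name] = fn end
guarded.rep = function(s, n, sep)
  local count = tonumber(n) or 0
  if count > MAX_REP then error("string.rep count over sandbox limit", 2) end
  return string.rep(s, n, sep)
end

local function run_sandboxed(source)
  -- Text chunks only ("t"), loaded with an empty environment.
  local chunk, err = load(source, "=untrusted", "t", {})
  if not chunk then return false, err end

  local smeta = getmetatable("")   -- metatable shared by every string value
  local saved = smeta.__index      -- normally the `string` table itself
  smeta.__index = guarded          -- s:method() now resolves to the guarded copy

  -- Count hook: raise an error after every MAX_STEPS VM instructions.
  debug.sethook(function() error("instruction budget exceeded", 0) end,
                "", MAX_STEPS)
  local ok, result = pcall(chunk)
  debug.sethook()                  -- remove the hook
  smeta.__index = saved            -- restore the real string library
  return ok, result
end

-- Constructed sample chunks:
print(run_sandboxed("while true do end"))      -- pure-Lua loop, ended by the hook
print(run_sandboxed("return ('x'):upper()"))   -- string method reached with env = {}
print(run_sandboxed("return ('x'):rep(1e9)"))  -- rejected by the guard, not the hook
```

Only `rep` is guarded here; the other functions copied into `guarded` run unmodified and would each need their own limit.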