Re: Precompiled Lua and safety

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

• Subject: Re: Precompiled Lua and safety
• From: Rici Lake <lua@...>
• Date: 2007年1月28日 16:00:08 -0500

---

On 28-Jan-07, at 3:34 PM, Gé Weijers wrote:

Here's a question:

A Java VM is required to validate all compiled programs before executing them, because one of the goals of the Java language is to allow execution of untrusted code. How much damage could you do by maliciously hand-crafting a compiled Lua program and feeding it to the interpreter?

Not much, if any. The Lua bytecode loader validates the bytecode, although I don't know of any formal proof of its correctness. It ensures that no opcode references slots outside of its stack frame, and a variety of other conditions which might otherwise cause crashes in the VM.

---

• References:
  • Precompiled Lua and safety, Gé Weijers

• Prev by Date: Re: How do I change Environment variables
• Next by Date: Re: getting upvalues in current thread's environment?
• Previous by thread: Precompiled Lua and safety
• Next by thread: copy a table
• Index(es):
  • Date
  • Thread