Re: Lua exposure to C vulnerabilities?
[
Date Prev][
Date Next][
Thread Prev][
Thread Next]
[
Date Index]
[
Thread Index]
- Subject: Re: Lua exposure to C vulnerabilities?
- From: "Soni L." <fakedme@...>
- Date: 2016年9月18日 19:42:22 -0300
On 18/09/16 07:38 PM, Tim Hume wrote:
Hi Russ,
I'd expect that if your C library has security issues, then using Lua
or anything else that interfaces to that library will not protect you.
For example, if your C code has buffer overflows, it doesn't matter
how it is called - the overflow is there and will potentially cause
you grief when the code is run. You'll need to fix up your C code.
Cheers,
Tim.
On 2016年9月18日, Russell Haley wrote:
Thanks Florian. So does interfacing a C library (written poorly by
me!) with Lua protect me from potential vulnerabilities in that library?
Russ
Sent from my BlackBerry 10 smartphone on the Virgin Mobile network.
Original Message From: Florian Weimer Sent: Sunday, September 18,
2016 11:19 AM To: lua-l@lists.lua.org Reply To: Lua mailing list
Subject: Re: Lua exposure to C vulnerabilities?
* Russell Haley:
I have understood that some languages written in C suffer from
security vulnerabilities inherent in the host language.
That's only true for languages which provide access to the C type
system or something closely related (C++ is the prime example). Lua
does not do this.
So, like, an io.open with a very large filename could allow arbitrary
code execution? O_o
--
Disclaimer: these emails may be made public at any given time, with or without reason. If you don't agree with this, DO NOT REPLY.