Re: Finalizers and Lua.org demo page

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

• Subject: Re: Finalizers and Lua.org demo page
• From: "Soni L." <fakedme@...>
• Date: 2017年7月27日 12:27:52 -0300

---

On 2017年07月27日 02:50 AM, Mikhail Zaycev wrote:

"Lua does not check the consistency of binary chunks. Maliciously crafted binary chunks can crash the interpreter."
(https://www.lua.org/manual/5.3/manual.html#pdf-load)
I think, load() should not be available to user. Potentially it is as dangerous as os.execute().

HMAC on string.dump(), verify HMAC on load().
--
Disclaimer: these emails may be made public at any given time, with or without reason. If you don't agree with this, DO NOT REPLY.

---

• Follow-Ups:
  • Re: Finalizers and Lua.org demo page, Coda Highland

• References:
  • Finalizers and Lua.org demo page, Egor Skriptunoff
  • Re: Finalizers and Lua.org demo page, Luiz Henrique de Figueiredo
  • Re: Finalizers and Lua.org demo page, Luiz Henrique de Figueiredo
  • Re: Finalizers and Lua.org demo page, Luiz Henrique de Figueiredo
  • Re: Finalizers and Lua.org demo page, Luiz Henrique de Figueiredo
  • Re: Finalizers and Lua.org demo page, Egor Skriptunoff
  • Re: Finalizers and Lua.org demo page, Mikhail Zajcev
  • Re: Finalizers and Lua.org demo page, Egor Skriptunoff
  • Re: Finalizers and Lua.org demo page, Mikhail Zajcev
  • Re: Finalizers and Lua.org demo page, Egor Skriptunoff
  • Re: Finalizers and Lua.org demo page, Mikhail Zajcev
  • Re: Finalizers and Lua.org demo page, Egor Skriptunoff
  • Re: Finalizers and Lua.org demo page, Mikhail Zajcev
  • Re: Finalizers and Lua.org demo page, Egor Skriptunoff
  • Re: Finalizers and Lua.org demo page, Mikhail Zaycev

• Prev by Date: Re: ipairs and metamethods in 5.3
• Next by Date: Re: Finalizers and Lua.org demo page
• Previous by thread: Re: Finalizers and Lua.org demo page
• Next by thread: Re: Finalizers and Lua.org demo page
• Index(es):
  • Date
  • Thread