Re: Security considerations around package.{path,cpath}

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

• Subject: Re: Security considerations around package.{path,cpath}
• From: Francisco Olarte <folarte@...>
• Date: Sat, 3 Dec 2022 09:43:00 +0100

---

Sean:
On Fri, 2 Dec 2022 at 23:46, Sean Conner <sean@conman.org> wrote:
> Also, malicious code could always modify package.path and package.cpath to
> include the current directory.
(Not properly sandboxed) RUNNING malicious code does not have to
resort to these to wreak havoc.
FOS.

---

• References:
  • Security considerations around package.{path,cpath}, Augusto Stoffel
  • Re: Security considerations around package.{path,cpath}, Sean Conner

• Prev by Date: Re: Upgrading Lua 5.4.2 to 5.4.3+ in a C++ project leads to PANIC
• Next by Date: Re: Security considerations around package.{path,cpath}
• Previous by thread: Re: Security considerations around package.{path,cpath}
• Next by thread: Re: Security considerations around package.{path,cpath}
• Index(es):
  • Date
  • Thread