[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: __gc visible to lua code...
- From: "Kristofer Karlsson" <kristofer.karlsson@...>
- Date: Fri, 30 Mar 2007 15:20:17 +0200
2007/3/30, Graham Wakefield <lists@grahamwakefield.net>:
Hi,
Today I discovered that a __gc method installed on a userdata
metatable is visible to Lua code; when called out of context it is
likely to cause crashes, so any __gc metamethod in C must typecheck
the argument.
I was surprised to find this out, I thought __gc would be 'hidden'
from Lua. I'm not sure I can think of a reason why you'd want to
call a userdata's __gc from lua code.
Thought others should know.
Graham
Wouldn't a sufficient solution be to set the __metatable field of the userdata metatable to "access denied" or something similar. That way you can ensure that your untrusted lua code can't have access to the __gc metamethod. Assuming of course that you don't expose the metatable or the __gc metamethod some other way.