[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Specially crafted binary chunks can cause Lua to crash
- From: "Ben Sunshine-Hill" <sneftel@...>
- Date: Thu, 27 Mar 2008 09:20:02 -0400
On Thu, Mar 27, 2008 at 7:40 AM, Luiz Henrique de Figueiredo
<lhf@tecgraf.puc-rio.br> wrote:
> > loadstring() can be abused to create a boolean that is neither
> > true nor false.
>
> Thanks for the report! But that's a different issue. The chunk runs
> fine; it just does not do anything sensible. Making sure that chunks are
> sensible is unsolvable... As long as they do not crash the host.
Really? Depending on a boolean being true or false strikes me as the
sort of thing that authors of security-needing modules will do without
thinking about it, and then crashes (or worse) DO occur. Either this
behavior is part of the language standard, and should be exhaustively
documented as to its implications, or it's not, and shouldn't be
allowed. Allowing programmers to do hackish things through bytecode
which the language itself doesn't allow strikes me as all sorts of a
bad thing.
Ben
- References:
- Re: Specially crafted binary chunks can cause Lua to crash, Peter Cawley
- Re: Specially crafted binary chunks can cause Lua to crash, Peter Cawley
- Re: Specially crafted binary chunks can cause Lua to crash, Luiz Henrique de Figueiredo
- Re: Specially crafted binary chunks can cause Lua to crash, Peter Cawley
- Re: Specially crafted binary chunks can cause Lua to crash, Roberto Ierusalimschy
- Re: Specially crafted binary chunks can cause Lua to crash, Peter Cawley
- Re: Specially crafted binary chunks can cause Lua to crash, Roberto Ierusalimschy
- Re: Specially crafted binary chunks can cause Lua to crash, Peter Cawley
- Re: Specially crafted binary chunks can cause Lua to crash, Greg Falcon
- Re: Specially crafted binary chunks can cause Lua to crash, Luiz Henrique de Figueiredo