Re: Bytecode abuse in Lua 5.2 (-work4)

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Bytecode abuse in Lua 5.2 (-work4)
From: Joshua Jensen <jjensen@...>
Date: Sat, 21 Aug 2010 22:23:18 -0600

 ----- Original Message -----
From: Martin Guy
Date: 8/21/2010 9:43 PM

Was this really worth posting to the entire list?

On 8/22/10, Majic<majic.one@gmail.com>  wrote:

Very informative, thanks! :o

  On Sat, Aug 21, 2010 at 3:22 PM, Peter Cawley<lua@corsix.org>  wrote:
  >  As anyone who has tracked Lua 5.2's development will likely know, the
  >  bytecode verifier was removed, and the responsibility shifted to the
  >  end-developer to ensure that bytecode from untrusted sources couldn't
  >  be loaded. To show just how important this responsibility is, I've
  >  written up a pure Lua module for the default Lua 5.2 (-work4)
  >  interpreter which can read and write arbitrary memory locations. The
  >  only thing standing between this and a generic
  >  arbitrary-code-execution exploit is DEP (hardware/OS level memory page
  >  protection preventing where code can be executed from).
  >
  >  The code is available at:
  >  http://www.corsix.org/lua/bytecode_abuse_0_1.lua

Your comment was made because you're not interested in the subject orbecause you prefer security through obscurity? Or for some other reason?

I'm very interested in this. The question I would ask at this point iswhether the built-in Lua 5.1 bytecode verifier could have prevented this?


Josh

Follow-Ups:
- Re: Bytecode abuse in Lua 5.2 (-work4), Jonathan Castello

References:
- Bytecode abuse in Lua 5.2 (-work4), Peter Cawley
- Re: Bytecode abuse in Lua 5.2 (-work4), Majic
- Re: Bytecode abuse in Lua 5.2 (-work4), Martin Guy

Prev by Date: Re: Bytecode abuse in Lua 5.2 (-work4)
Next by Date: Re: Bytecode abuse in Lua 5.2 (-work4)
Previous by thread: Re: Bytecode abuse in Lua 5.2 (-work4)
Next by thread: Re: Bytecode abuse in Lua 5.2 (-work4)
Index(es):
- Date
- Thread