- Subject: Re: Bytecode abuse in Lua 5.2 (-work4)
- From: Florian Weimer <fw@...>
- Date: Mon, 23 Aug 2010 19:06:24 +0200
* John Passaniti:
>> So no loading untrusted bytecode if there is a need for trust...
>
> Well, yeah. But I think a useful conversation to have would be what
> would need to change or need to be added to Lua in order to make it
> secure from these kinds of attacks, and what are the costs of that
> security.
Apparently, you need to do dataflow analysis on the bytecode:
<http://article.gmane.org/gmane.comp.lang.lua.general/53028>
That's not going to be super-cheap in any case.