lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


* John Passaniti:

>> So no loading untrusted bytecode if there is a need for trust...
>
> Well, yeah.  But I think a useful conversation to have would be what
> would need to change or need to be added to Lua in order to make it
> secure from these kinds of attacks, and what are the costs of that
> security.

Apparently, you need to do dataflow analysis on the bytecode:

  <http://article.gmane.org/gmane.comp.lang.lua.general/53028>

That's not going to be super-cheap in any case.