lua-l archive

Ah. So the manpage is basically in error because it doesn't know about
the exploits yet.

I really do hope that lbcv covers all the possible violations. Having
a safe way of loading untrusted bytecode is quite crucial to what I
want to be able to do with Mobile Lua.

Once we have safe deserialisation of Lua states - we can achieve total
mobility for all Lua code.

I don't know about you guys, but I for one am really excited about
that perspective.

-Stefan

On Sun, Oct 30, 2011 at 7:29 PM, Luiz Henrique de Figueiredo
<lhf@tecgraf.puc-rio.br> wrote:
>> "Lua always performs a thorough integrity test on precompiled chunks"?
>> I thought everybody agreed that bytecode is unsafe in 5.1.
>>
>> How can the contradiction be solved?
>
> It was solved in 5.2 by removing the bytecode verifier,
> mainly because Peter Cawley has shown several exploits
> of flaws in the bytecode verifier of Lua 5.1. See also
> http://lua-users.org/lists/lua-l/2011-10/msg00214.html
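
Added example, not part of the original thread or of lbcv: since Lua 5.2 ships no bytecode verifier, one defensive option is to accept only source text from untrusted input and refuse precompiled chunks outright. The function name `load_text_only`, its parameters and the sample chunks are assumptions made for this sketch; it targets the Lua 5.1 and 5.2 standard libraries.

```lua
-- Added example: text-only chunk loader for Lua 5.1 and 5.2.
-- load_text_only and its parameters are hypothetical names for this sketch.

local ESC = "\27"  -- first byte of the precompiled-chunk signature "\27Lua"

local function load_text_only(source, chunkname, env)
  if type(source) ~= "string" then
    return nil, "source must be a string"
  end
  -- Require an explicit environment so untrusted code never sees the
  -- real globals. (In 5.2, passing env = nil to load would also set the
  -- chunk's _ENV to nil, so a table is mandatory here.)
  if type(env) ~= "table" then
    return nil, "an explicit environment table is required"
  end
  -- The loader chooses the undump (binary) path from the first byte of
  -- the chunk, so that byte is what has to be checked.
  if source:sub(1, 1) == ESC then
    return nil, "refusing precompiled (binary) chunk"
  end
  if setfenv then
    -- Lua 5.1: loadstring has no mode argument; the check above is the
    -- only thing keeping bytecode out.
    local fn, err = loadstring(source, chunkname)
    if not fn then return nil, err end
    setfenv(fn, env)
    return fn
  end
  -- Lua 5.2: mode "t" makes load itself reject binary chunks as well.
  return load(source, chunkname, "t", env)
end

-- Constructed samples: one text chunk, one bytecode chunk from string.dump.
local text_chunk = "return 1 + 1"
local binary_chunk = string.dump(function() return 2 end)

local fn = assert(load_text_only(text_chunk, "=text", {}))
assert(fn() == 2)

local rejected, reason = load_text_only(binary_chunk, "=binary", {})
assert(rejected == nil)
print(reason)
```

This only keeps bytecode out; it does not make bytecode safe to load, which is the job a verifier such as lbcv is meant to do.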