Re: Bytecode: Safe or not? / luac manual

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Bytecode: Safe or not? / luac manual
From: Frank Meier-Dörnberg <frank@...>
Date: Mon, 31 Oct 2011 18:28:20 +0100

Am 31.10.2011 14:19, schrieb Stefan Reich:

For that, we need to run code from untrusted sources.

Ah! In other words: It is not required that the code comes from one ofyour own (friendly & trustworthy) pluto-serializers.

The code may come from the vicious and sneaky side.

You want to continue not only pure (byte)code, you want to reinstantiatea full Lua-State from a pluto-like image, right?Even a flawless byte code verifier is not the right tool to verify aLua-State, by all I'm able to imagine.

So it may be better to verify the source of the pluto-image than theimage itself ?!


--Frank

Follow-Ups:
- Re: Bytecode: Safe or not? / luac manual, Stefan Reich

References:
- Bytecode: Safe or not? / luac manual, Stefan Reich
- Re: Bytecode: Safe or not? / luac manual, Luiz Henrique de Figueiredo
- Re: Bytecode: Safe or not? / luac manual, Stefan Reich
- Re: Bytecode: Safe or not? / luac manual, Frank Meier-Dörnberg
- Re: Bytecode: Safe or not? / luac manual, Stefan Reich

Prev by Date: Re: S.W.O.T analysis
Next by Date: Re: Bytecode: Safe or not? / luac manual
Previous by thread: Re: Bytecode: Safe or not? / luac manual
Next by thread: Re: Bytecode: Safe or not? / luac manual
Index(es):
- Date
- Thread