lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


On Fri, Nov 15, 2013 at 3:59 PM, Sir Pogsalot <sir.pogsalot@gmail.com> wrote:
> In response to Coda:
>
> I don't agree that opening up file handle creation to the C side of Lua
> would mean we have to forgo an appropriate level of security.  Lua does have
> a fair bit of type checking code to make sure its receiving file handles in
> the io library... The easiest way to fool it is to take any userdata you
> want and set the metatable to the "FILE*" table in the registry -- if you
> use the right io function you can cause a segfault if it looks at
> non-existent members of the userdata.  This would be easier in Lua 5.1
> because you have newproxy() to create a zero-sized userdata. :-)  Still --
> *SECURITY* :D

Oh sure, but that's not what I was talking about. Exposing access to
the filesystem with generic functions gives the script full access to
everything that the user it's running under can access. That's a far
bigger security vulnerability than allowing a user to monkey-patch
opening a file in the first place. If you're not worried about opening
arbitrary files, then allowing extensions to open() really isn't a big
deal by comparison.

/s/ Adam