Re: Lua is too big

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Lua is too big
From: Peter Cawley <lua@...>
Date: Wed, 11 Jun 2014 18:52:43 +0100

On Wed, Jun 11, 2014 at 6:26 PM, Sean Conner <sean@conman.org> wrote:
>   How can you escape from a sandbox using OP_FORLOOP?

In 5.1, OP_FORLOOP can be used to get the address of a Lua string.
This information leakage can be combined with other VM flaws to escape
from a sandbox, as described at
https://gist.github.com/corsix/6575486.

References:
- Lua is too big, Thiago L.
- Re: Lua is too big, Sean Conner

Prev by Date: Re: new user
Next by Date: Re: 2D vectors
Previous by thread: Re: Lua is too big
Next by thread: table.unpack(...) and the __index metamethod
Index(es):
- Date
- Thread