Hacker News
by mikemike 1558 days ago
That's what I'm wondering, too, right now.

It's trivial to DoS-hang redis with the script feature (and SCRIPT KILL won't help).

And I found at least 3 DoS-crashes, because it hasn't backported fixes to its copy of Lua 5.1.5 (but Debian's liblua 5.1 might -- I haven't checked).

And that's without even exploring the really problematic builtins it still has available.

Maybe they should instead clarify their security guarantee for redis scripting (e.g. "none").