|
|
|
|
|
|
by myrmidon
503 days ago
|
|
|
Note that loading (maliciously crafted) bytecode is generally not safe in Lua; sandboxing can be escaped in more ways than what's possible when loading plaintext sourcecode, and there are no full mitigations for this currently as far as I know (and would probably be highly interpreter/version sensitive anyway)-- the only "real" mitigation strategy is to just not `load` bytecode at all. But this is probably a non-issue for a lot of usecases. See e.g. https://gist.github.com/corsix/6575486 https://www.corsix.org/content/malicious-luajit-bytecode |
|
|