tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: [patch] safety of Lua byte code

> Nobody would seriously claim, I think, that one can algorithmically
> determine whether a given fragment of Lua *source* code is malicious.

It is impossible, because the _very same code_ may be fairly called
malicious when presented for execution by an attacker but not when
presented for execution by a suitably authorized person.  Therefore,
information beyond the code itself is necessary to determine malice.

Note, too, that there is nothing Lua-specific in the above argument.

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML      
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

Home | Main Index | Thread Index | Old Index