Re: [patch] safety of Lua byte code

To: tech-kern%NetBSD.org@localhost
Subject: Re: [patch] safety of Lua byte code
From: Mouse <mouse%Rodents-Montreal.ORG@localhost>
Date: Sun, 17 Nov 2013 18:39:08 -0500 (EST)

> Nobody would seriously claim, I think, that one can algorithmically
> determine whether a given fragment of Lua *source* code is malicious.

It is impossible, because the _very same code_ may be fairly called
malicious when presented for execution by an attacker but not when
presented for execution by a suitably authorized person.  Therefore,
information beyond the code itself is necessary to determine malice.

Note, too, that there is nothing Lua-specific in the above argument.

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                mouse%rodents-montreal.org@localhost
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

References:
- RE: [patch] safety of Lua byte code
  - From: Terry Moore

Prev by Date: Re: A Library for Converting Data to and from C Structs for Lua
Next by Date: Re: A Library for Converting Data to and from C Structs for Lua
Previous by Thread: RE: [patch] safety of Lua byte code
Indexes:

Home | Main Index | Thread Index | Old Index