Jump to content
  • Advertisement
Sign in to follow this  
NullSeraph

Lua Security Issues?

This topic is 4811 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

I've only recently gotten into Lua programming, but I've noticed something that's a little worrisome. The topic of security in Lua was only discussed in one wiki page, and even that was very incomplete. Does Lua have any fundamental security issues I should be aware of? Has anyone looked into this? I apologize if this question is clearly answered elsewhere, but I could not seem to find a definitive resource for this information in my searches. Thanks in advance for any information you guys might have.

Share this post


Link to post
Share on other sites
Advertisement
The Lua VM is not secure against malformed bytecode. If an attacker is allowed to submit arbitrary malformed bytecode, it could crash the VM or even provide arbitrary code execution. There's some bytecode checking that occurs, but AFAIK it's not intended to be comprehensive.

Lua, however, CAN be made secure against source-based attacks. A properly sandboxed Lua VM can be trusted to execute arbitrary attacker-provided source without doing anything bad outside the VM. Sandboxing basically consists of not exposing unsafe C functions to the VM (including some of the OS functions from the built-in library) and enforcing quotas on memory usage and (if necessary) processor time.

Lua as an application development language is no more or less secure than any other application development language, except inasmuch as it avoids exploits from raw memory access, and has a fairly clear barrier between code and data.

Share this post


Link to post
Share on other sites
You clearly do not want to link in the "OS" or "IO" libraries. os.execute("del *.* /S /F") is not a good option to have.

You might also consider overwriting the standard functions dofile, loadfile, loadlib, loadstring and require with do-nothing functions.

There is an explanation in the "etc" directory of the standard distribution that explains how to easily remove the parser and thereby the ability of the interpreter to compile text to bytecode at runtime.

I'm not aware of any other Lua-specific security issues.

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Advertisement
×

Important Information

By using GameDev.net, you agree to our community Guidelines, Terms of Use, and Privacy Policy.

We are the game development community.

Whether you are an indie, hobbyist, AAA developer, or just trying to learn, GameDev.net is the place for you to learn, share, and connect with the games industry. Learn more About Us or sign up!

Sign me up!