You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It is safe to load malformed binary chunks; load signals an appropriate error. However, Lua does not check the consistency of the code inside binary chunks; running maliciously crafted bytecode can crash the interpreter.
...and interpreter in our case is the rpm main process.
I don't know whether it's possible to stick a binary Lua chunk into one of our scriptlets in the header as such to get rpm to directly run it, but the Lua load() in our embedded environment is unrestricted. And rpm's own runner uses luaL_loadbuffer() which doesn't discriminate...
The text was updated successfully, but these errors were encountered:
Quoting the Lua manual:
...and interpreter in our case is the rpm main process.
I don't know whether it's possible to stick a binary Lua chunk into one of our scriptlets in the header as such to get rpm to directly run it, but the Lua load() in our embedded environment is unrestricted. And rpm's own runner uses luaL_loadbuffer() which doesn't discriminate...
The text was updated successfully, but these errors were encountered: