Are function environments now secure?

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Are function environments now secure?

Dirk Laurie-2
Now that getfenv is finally dead and buried, is the function
environment tamper-proof against anything short of
debug.getupvalue?

Reply | Threaded
Open this post in threaded view
|

Re: Are function environments now secure?

Dong Feng
I don't think function environment is less temper-proof. Sure you can
modify it through something like debug.getupvalue for which you can
not do with the old "env". But that is pointless in terms of security
because what an attacker can put into _ENV is what the attacker
already has. The point of having a secured _ENV is to prevent the
attacker from getting what he does not have, rather than forbid one
from putting what he already has to anywhere.

2013/6/2 Dirk Laurie <[hidden email]>:
> Now that getfenv is finally dead and buried, is the function
> environment tamper-proof against anything short of
> debug.getupvalue?
>

Reply | Threaded
Open this post in threaded view
|

Re: Are function environments now secure?

Dong Feng
In reply to this post by Dirk Laurie-2
2013/6/2 Dirk Laurie <[hidden email]>:
> Now that getfenv is finally dead and buried, is the function
> environment tamper-proof against anything short of
> debug.getupvalue?
>

(Sorry resend because of top-most. Gmail made it too easy.)

I don't think function environment is less temper-proof. Sure you can
modify it through something like debug.getupvalue for which you can
not do with the old "env". But that is pointless in terms of security
because what an attacker can put into _ENV is what the attacker
already has. The point of having a secured _ENV is to prevent the
attacker from getting what he does not have, rather than forbid one
from putting what he already has to anywhere.

Reply | Threaded
Open this post in threaded view
|

Re: Are function environments now secure?

Roberto Ierusalimschy
In reply to this post by Dirk Laurie-2
> Now that getfenv is finally dead and buried, is the function
> environment tamper-proof against anything short of
> debug.getupvalue?

Yes, up to functions lexically sharing the same environment:

  function tamper_proof (...) ... end
  function spy (e) local o = _ENV; _ENV = e; return o end

With 'spy', you can see and change the environment of 'tamper_proof'.

-- Roberto