Turn off LUA_USE_DLOPEN on iOS

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Turn off LUA_USE_DLOPEN on iOS

云风 Cloud Wu
Linking dlopen() and dlsym() on iOS is forbidden by apple now. 

https://forums.developer.apple.com/thread/73640

So I suggest add this into luaconf.h

#if defined(TARGET_OS_IPHONE) && defined(LUA_USE_DLOPEN)
#undef LUA_USE_DLOPEN
#endif

Reply | Threaded
Open this post in threaded view
|

Re: Turn off LUA_USE_DLOPEN on iOS

Nagaev Boris
On Tue, Mar 14, 2017 at 7:22 AM, 云风 Cloud Wu <[hidden email]> wrote:

> Linking dlopen() and dlsym() on iOS is forbidden by apple now.
>
> https://forums.developer.apple.com/thread/73640
>
> So I suggest add this into luaconf.h
>
> #if defined(TARGET_OS_IPHONE) && defined(LUA_USE_DLOPEN)
> #undef LUA_USE_DLOPEN
> #endif
>

Hi

If I understand the thread correctly, it applies only to the app store
and only to cases when code "passes arbitrary parameters". It is not
equal to banning this function on whole the platform. If the code is
not put to the app store or if dlopen is used to open DLL which is a
part of the same app, it seems OK from the thread. Which is not OK
from the thread is downloading DLL from remote servers and loading
them to the app.


--
Best regards,
Boris Nagaev

Reply | Threaded
Open this post in threaded view
|

Re: Turn off LUA_USE_DLOPEN on iOS

云风 Cloud Wu


Nagaev Boris <[hidden email]>于2017年3月14日周二 下午5:00写道:
If I understand the thread correctly, it applies only to the app store
and only to cases when code "passes arbitrary parameters". It is not

In lua, the code "passes arbitrary parameters" to dlopen/dlsym, because we can pass any string from the script. I guess Apple use a static analysis tool to review the apps submitted to the App Store. 
 
equal to banning this function on whole the platform. If the code is
not put to the app store or if dlopen is used to open DLL which is a
part of the same app, it seems OK from the thread. Which is not OK
from the thread is downloading DLL from remote servers and loading
them to the app.

The mostly app on iOS platform would put on to the app store, so I think turn off LUA_USE_DLOPEN on iOS by default would be better. 
 
Reply | Threaded
Open this post in threaded view
|

Re: Turn off LUA_USE_DLOPEN on iOS

Nagaev Boris
On Tue, Mar 14, 2017 at 9:35 AM, 云风 Cloud Wu <[hidden email]> wrote:

>
>
> Nagaev Boris <[hidden email]>于2017年3月14日周二 下午5:00写道:
>>
>> If I understand the thread correctly, it applies only to the app store
>> and only to cases when code "passes arbitrary parameters". It is not
>
>
> In lua, the code "passes arbitrary parameters" to dlopen/dlsym, because we
> can pass any string from the script. I guess Apple use a static analysis
> tool to review the apps submitted to the App Store.

Most scripts pass a fixed set of strings to dlopen/dlsym (modules they
require). If the static analysis tool doesn't understand this, it is
not a problem of the app.

>> equal to banning this function on whole the platform. If the code is
>> not put to the app store or if dlopen is used to open DLL which is a
>> part of the same app, it seems OK from the thread. Which is not OK
>> from the thread is downloading DLL from remote servers and loading
>> them to the app.
>
>
> The mostly app on iOS platform would put on to the app store, so I think
> turn off LUA_USE_DLOPEN on iOS by default would be better.

I know people using that platform and running Lua scripts manually.
Turning off LUA_USE_DLOPEN would make difficulties to their workflow.

--
Best regards,
Boris Nagaev

Reply | Threaded
Open this post in threaded view
|

Re: Turn off LUA_USE_DLOPEN on iOS

云风 Cloud Wu


Nagaev Boris <[hidden email]>于2017年3月14日周二 下午5:51写道:
On Tue, Mar 14, 2017 at 9:35 AM, 云风 Cloud Wu
 
Most scripts pass a fixed set of strings to dlopen/dlsym (modules they
require). If the static analysis tool doesn't understand this, it is
not a problem of the app.

Apple would only tell you that your app can't pass the review, so it's your app's problem rather than their tools.
 
I know people using that platform and running Lua scripts manually.
Turning off LUA_USE_DLOPEN would make difficulties to their workflow.

iOS is only a target (and closed) os, mostly people use other OS (like Mac OSX) to develop app for iOS. You can't even copy a .so file onto your iOS device. Who will run lua script manually  and load .so modules on iOS ?
 
Reply | Threaded
Open this post in threaded view
|

Re: Turn off LUA_USE_DLOPEN on iOS

Chris Jones
Hey

On 14 March 2017 at 12:09, 云风 Cloud Wu <[hidden email]> wrote:
iOS is only a target (and closed) os, mostly people use other OS (like Mac OSX) to develop app for iOS. You can't even copy a .so file onto your iOS device. Who will run lua script manually  and load .so modules on iOS ?

Some people write stuff just for themselves and never submit it to Apple, some people run private app stores for their companies (which is allowed by Apple).

However, the vast majority of times someone is making an iOS app, it's to submit to the store. I would suggest the default should be to turn LUA_USE_DLOPEN off on iOS.

--
Cheers,

Chris
Reply | Threaded
Open this post in threaded view
|

Re: Turn off LUA_USE_DLOPEN on iOS

Hisham
In reply to this post by Nagaev Boris
On 14 March 2017 at 06:50, Nagaev Boris <[hidden email]> wrote:

> On Tue, Mar 14, 2017 at 9:35 AM, 云风 Cloud Wu <[hidden email]> wrote:
>>
>>
>> Nagaev Boris <[hidden email]>于2017年3月14日周二 下午5:00写道:
>>>
>>> If I understand the thread correctly, it applies only to the app store
>>> and only to cases when code "passes arbitrary parameters". It is not
>>
>>
>> In lua, the code "passes arbitrary parameters" to dlopen/dlsym, because we
>> can pass any string from the script. I guess Apple use a static analysis
>> tool to review the apps submitted to the App Store.
>
> Most scripts pass a fixed set of strings to dlopen/dlsym (modules they
> require). If the static analysis tool doesn't understand this, it is
> not a problem of the app.

Requiring a module from Lua with a fixed string will still translate
to a dlopen() with a variable argument in the Lua interpreter loop. So
yeah, I wouldn't expect a static analyzer to catch that.

-- Hisham