mailing list archives
Re: Ncat's Lua socket abstraction - API protection, error behavior?
From: David Fifield <david () bamsoftware com>
Date: Tue, 3 Sep 2013 17:56:20 -0700
On Sun, Sep 01, 2013 at 05:39:55PM -0400, Patrick Donnelly wrote:
On Thu, Aug 29, 2013 at 12:05 PM, Jacek Wielemborek
<wielemborekj1 () gmail com> wrote:
As I told you on IRC, scripting environments often take a hands-off
approach: "if you break it, you get to keep both pieces".
I generally agree with this idea. As long as scripts can't make Ncat
crash in an unsafe way, or corrupt memory, we should let buggy scripts
fail. So, for example, if you were exposing Nsock event IDs in a table
that scripts can modify, that would be bad, because Nsock doesn't expect
you to just invent new event IDs and pass them to it. But if the script
gets a copy of such a table that doesn't change Ncat's internal
structures when modified, go ahead and let the script stomp all over it.
Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/