Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: Ncat's Lua socket abstraction - API protection, error behavior?
From: David Fifield <david () bamsoftware com>
Date: Tue, 3 Sep 2013 17:56:20 -0700

On Sun, Sep 01, 2013 at 05:39:55PM -0400, Patrick Donnelly wrote:
On Thu, Aug 29, 2013 at 12:05 PM, Jacek Wielemborek
<wielemborekj1 () gmail com> wrote:
As I told you on IRC, scripting environments often take a hands-off
approach: "if you break it, you get to keep both pieces".

I generally agree with this idea. As long as scripts can't make Ncat
crash in an unsafe way, or corrupt memory, we should let buggy scripts
fail. So, for example, if you were exposing Nsock event IDs in a table
that scripts can modify, that would be bad, because Nsock doesn't expect
you to just invent new event IDs and pass them to it. But if the script
gets a copy of such a table that doesn't change Ncat's internal
structures when modified, go ahead and let the script stomp all over it.

David Fifield
Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]