> Nobody would seriously claim, I think, that one can algorithmically
> determine whether a given fragment of Lua *source* code is malicious.
It is impossible, because the _very same code_ may be fairly called
malicious when presented for execution by an attacker but not when
presented for executi
> Am 17.11.13 22:03, schrieb Terry Moore:
> >> From: Marc Balmer [mailto:m...@msys.ch]
> >>
> >>> It's not *much* less safe than compiling and executing a string in the
> >>> kernel. The only additional attack surfaces are that you can write
> > things
> >>> that the compiler wouldn't write. This c
