oss/luanti
oss/luanti
1
0
Fork 0
mirror of https://github.com/luanti-org/luanti.git synced 2025-06-27 16:36:03 +00:00
Code Wiki Activity

Remove setlocal and setupvalue from debug table whitelist

Browse source 
It's likely that these could be used trick mods into revealing the insecure
environment even if they do everything right (which is already hard enough).
This commit is contained in:
sfan5 2021-12-17 18:35:30 +01:00
parent 8c99f2232b
commit f405459548
1 changed files with 0 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/script/cpp_api/s_security.cpp
View file

@ -129,12 +129,10 @@ void ScriptApiSecurity::initializeSecurity()
"traceback", "traceback",
"getinfo", "getinfo",
"getmetatable", "getmetatable",
"setupvalue",
"setmetatable", "setmetatable",
"upvalueid", "upvalueid",
"sethook", "sethook",
"debug", "debug",
"setlocal",
}; };
static const char *package_whitelist[] = { static const char *package_whitelist[] = {
"config", "config",