20 us was the value, firefox used as first response to the spectre attacks.
now it's 100 us or 5 us, depending on whether it's "cross-origin isolated".
we only have one origin, so choosing 20 us is probably fine, I guess
see also:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/https://developer.mozilla.org/en-US/docs/Web/API/Performance/now#security_requirements
other clocks:
* os.time() and os.date() only have seconds precision, AFAIK.
* dtime is only given once per step, so it's not useful
* there might be other ways to build clocks (if we get async envs for sscsm,
with a busy loop, for example)
tostring({}) and string.format("%s", {}) give you pointers.
(see lj_strfmt_obj)
this is not very critical, but attacks could be made harder if we change this.
the effort of overwriting is not worth it I think right now
In 99% of the cases, this behaviour is identical to before.
With this commit, it is again possible to have 'builtin' a symlink that e.g.
points to the engine source directory, which is helpful for development purposes.
It's likely that these could be used trick mods into revealing the insecure
environment even if they do everything right (which is already hard enough).
- Move the text segment below the 47-bit limit, needed for script_exception_wrapper which must be lightuserdata
- Replace CUSTOM_RIDX_SCRIPTAPI with full userdata
Safety-guards for CSM callbacks to abort on a bad implementation
Only run callbacks when the mods are loaded (and with it: builtin)
Duplication checks inside constructors
* Modernize lua read (part 2 & 3): C++ templating assurance
Implement the boolean reader
Implement the string reader
Also remove unused & unimplemented script_error_handler
Add a reader with default value
* Modernize source code: last par
* Use empty when needed
* Use emplace_back instead of push_back when needed
* For range-based loops
* Initializers fixes
* constructors, destructors default
* c++ C stl includes
* Load client-side mods into memory before executing them.
This removes the remaining filesystem access that client-sided mods had and it will hopefully make then more secure.
* Lua Virtual filesystem: don't load the files into memory just scan the filenames into memory.
* Fix the issues with backtrace
* fix most of the issues
* fix code style.
* add a comment
* Resource leak: CHECK_FILE_ERR returns, without freeing chunk_name.
Found with static analysis.
* Resource leak: leaks `page` on error path.
Found with static analysis.
