]> git.lizzy.rs Git - minetest.git/commitdiff
projects / minetest.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8c99f22)
Remove setlocal and setupvalue from `debug` table whitelist
authorsfan5 <sfan5@live.de>
Fri, 17 Dec 2021 17:35:30 +0000 (18:35 +0100)
committersfan5 <sfan5@live.de>
Sat, 18 Dec 2021 19:37:13 +0000 (20:37 +0100)
It's likely that these could be used trick mods into revealing the insecure
environment even if they do everything right (which is already hard enough).

src/script/cpp_api/s_security.cpp patch | blob | history

diff --git a/src/script/cpp_api/s_security.cpp b/src/script/cpp_api/s_security.cpp
index 5faf8cc80e7f358433b8cb9ef09a03ea7092a788..11c277839aac41ba7e7ec07ad6204cf797387d5c 100644 (file)
--- a/src/script/cpp_api/s_security.cpp
+++ b/src/script/cpp_api/s_security.cpp
@@ -129,12 +129,10 @@ void ScriptApiSecurity::initializeSecurity()
                "traceback",
                "getinfo",
                "getmetatable",
-               "setupvalue",
                "setmetatable",
                "upvalueid",
                "sethook",
                "debug",
-               "setlocal",
        };
        static const char *package_whitelist[] = {
                "config",
Minetest is an open source voxel game engine with easy modding and game creation