forked from Mirrorlandia_minetest/minetest
Add core.request_insecure_environment()
This commit is contained in:
parent
05ab9973f9
commit
6c06330daf
@ -2290,13 +2290,20 @@ These functions return the leftover itemstack.
|
||||
* `minetest.forceload_block(pos)`
|
||||
* forceloads the position `pos`.
|
||||
* returns `true` if area could be forceloaded
|
||||
* Please note that forceloaded areas are saved when the server restarts.
|
||||
|
||||
* `minetest.forceload_free_block(pos)`
|
||||
* stops forceloading the position `pos`
|
||||
Please note that forceloaded areas are saved when the server restarts.
|
||||
|
||||
minetest.global_exists(name)
|
||||
^ Checks if a global variable has been set, without triggering a warning.
|
||||
* `minetest.request_insecure_environment()`: returns an environment containing
|
||||
insecure functions if the calling mod has been listed as trusted in the
|
||||
`secure.trusted_mods` setting or security is disabled, otherwise returns `nil`.
|
||||
* Only works at init time.
|
||||
* **DO NOT ALLOW ANY OTHER MODS TO ACCESS THE RETURNED ENVIRONMENT, STORE IT IN
|
||||
A LOCAL VARIABLE!**
|
||||
|
||||
* `minetest.global_exists(name)`
|
||||
* Checks if a global variable has been set, without triggering a warning.
|
||||
|
||||
### Global objects
|
||||
* `minetest.env`: `EnvRef` of the server environment and world.
|
||||
|
@ -571,4 +571,7 @@
|
||||
|
||||
# Prevent mods from doing insecure things like running shell commands.
|
||||
#secure.enable_security = false
|
||||
# Comma-separated list of trusted mods that are allowed to access insecure
|
||||
# functions even when mod security is on (via request_insecure_environment()).
|
||||
#secure.trusted_mods =
|
||||
|
||||
|
@ -273,6 +273,7 @@ void set_default_settings(Settings *settings)
|
||||
settings->setDefault("emergequeue_limit_generate", "32");
|
||||
settings->setDefault("num_emerge_threads", "1");
|
||||
settings->setDefault("secure.enable_security", "false");
|
||||
settings->setDefault("secure.trusted_mods", "");
|
||||
|
||||
// physics stuff
|
||||
settings->setDefault("movement_acceleration_default", "3");
|
||||
|
@ -32,6 +32,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
#include "filesys.h"
|
||||
#include "settings.h"
|
||||
#include "util/auth.h"
|
||||
#include <algorithm>
|
||||
|
||||
// debug(...)
|
||||
// Writes a line to dstream
|
||||
@ -339,6 +340,30 @@ int ModApiUtil::l_mkdir(lua_State *L)
|
||||
}
|
||||
|
||||
|
||||
int ModApiUtil::l_request_insecure_environment(lua_State *L)
|
||||
{
|
||||
NO_MAP_LOCK_REQUIRED;
|
||||
if (!ScriptApiSecurity::isSecure(L)) {
|
||||
lua_getglobal(L, "_G");
|
||||
return 1;
|
||||
}
|
||||
lua_getfield(L, LUA_REGISTRYINDEX, SCRIPT_MOD_NAME_FIELD);
|
||||
if (!lua_isstring(L, -1)) {
|
||||
lua_pushnil(L);
|
||||
return 1;
|
||||
}
|
||||
const char *mod_name = lua_tostring(L, -1);
|
||||
std::string trusted_mods = g_settings->get("secure.trusted_mods");
|
||||
std::vector<std::string> mod_list = str_split(trusted_mods, ',');
|
||||
if (std::find(mod_list.begin(), mod_list.end(), mod_name) == mod_list.end()) {
|
||||
lua_pushnil(L);
|
||||
return 1;
|
||||
}
|
||||
lua_getfield(L, LUA_REGISTRYINDEX, "globals_backup");
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
void ModApiUtil::Initialize(lua_State *L, int top)
|
||||
{
|
||||
API_FCT(debug);
|
||||
@ -366,6 +391,8 @@ void ModApiUtil::Initialize(lua_State *L, int top)
|
||||
API_FCT(decompress);
|
||||
|
||||
API_FCT(mkdir);
|
||||
|
||||
API_FCT(request_insecure_environment);
|
||||
}
|
||||
|
||||
void ModApiUtil::InitializeAsync(AsyncEngine& engine)
|
||||
|
@ -90,6 +90,9 @@ private:
|
||||
// mkdir(path)
|
||||
static int l_mkdir(lua_State *L);
|
||||
|
||||
// request_insecure_environment()
|
||||
static int l_request_insecure_environment(lua_State *L);
|
||||
|
||||
public:
|
||||
static void Initialize(lua_State *L, int top);
|
||||
|
||||
@ -98,3 +101,4 @@ public:
|
||||
};
|
||||
|
||||
#endif /* L_UTIL_H_ */
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user