If LuaControllers handle sensitive information, hacked clients could get this information from the LuaController. Marking the memory as private fixes this and saves a small amount of bandwidth.
Fixes:
1. Lack of 'safe' on minetest.deserialize usage
2. String sandbox bypass via (""):evil()
3. Loss of upcoming digilines messages on server shutdown
4. LCs failing to show information on some errors
5. Interrupt IDs as infinite data storage
* Close vulnerability and optimize digiline_send
`digiline_send` as it previously existed was vulnerable to a
time-of-check-to-time-of-use vulnerability in which a table could be
sent, size-checked, and then modified after the send but before
delivery. This would allow larger tables to be sent. It was also slow
because it called `minetest.serialize`. Fix both of these by
implementing custom message cleanup logic which simultaneously computes
the message’s cost.
* Clean up interaction with Digilines
Use `minetest.global_exists` to avoid an undefined global variable
warning when operating a Luacontroller with Digilines not available. Use
the new `digilines` table in preference to the old `digiline` table.
* Copy received messages
When a Digiline message is received at a Luacontroller, copy it so that
local modifications made by the Luacontroller code will not modify
copies of the table that are being passed to other nodes on the Digiline
network.
Restrict maximum length of messages to 50.000 characters and disable sending functions or table references over the wire. Restrict types of channel variable to string, number or boolean.
The missing length restriction made DoS-like attacks possible by overflowing memory using string concatenation. Thanks to gamemanj for disclosing this issue.
Disabling LuaJIT for user code enables normal working of debug.sethook() even for loops. The drawback is that that code will run more slowly.
The fourth parameter of string.find indicates whether the second parameter should be interpreted literally (true) or as a pattern (false). Allowing patterns enables DoS attacks, but it's possible to
allow literal matching with little effort, by disallowing the function only if the fourth parameter (plain mode) is not `true`.
prohibited, remove pcall and xpcall, fix global lookup of "jit"
variable, correct error locations
Thanks to @ShadowNinja and @gamemanj for fixing this in #241
Settings can now be retrieved by mesecon.setting(<name>, <default>) and can be modified without
editing the source code by adding the setting to minetest.conf
For instance, you can add mesecon.blinky_plant_interval = 0.5 to minetest.conf in order to
increase the blinking speed.
Rewrite the blinky plant with nodetimers.
Fixes#161
flexibility and because it was never inteded to be OOP in the first
place.
mesecon.receptor_on and mesecon.receptor_off are provided by wrappers
(mesecon:receptor_on/off) for compatibility, but will be removed. Mod
programmers that use mesecons: Please update!
Also, fix microcontroller polluting the global namespace and remove some
deprecated stuff.
Changes:
* Stops code after a certain number of instructions.
* Allows functions, due to instruction counting.
* Allows loops and goto with non-JIT Lua (LuaJIT doesn't count looping as an instruction, allowing infinite loops), due to instruction counting.
* Removes string matching functions as they can be slow.
* Adds some safe functions.
* Limits the amount of printing that can be done (to prevent console flooding).
* Code cleanup.
* More...
Why did we actually put the update action in a queue again? Whatever issue it that was for, I couldn't reproduce it.
Propably the ActionQueue fixed that...?