Mirrorlandia_minetest/minetest
1
0
Fork 1
mirror of https://github.com/minetest/minetest.git synced 2024-11-23 16:13:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Remove setlocal and setupvalue from debug table whitelist

Browse Source 
It's likely that these could be used trick mods into revealing the insecure
environment even if they do everything right (which is already hard enough).
This commit is contained in:
sfan5 2021-12-17 18:35:30 +01:00
parent 8c99f2232b
commit f405459548
1 changed files with 0 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/script/cpp_api/s_security.cpp
View File

@ -129,12 +129,10 @@ void ScriptApiSecurity::initializeSecurity()
"traceback", "traceback",
"getinfo", "getinfo",
"getmetatable", "getmetatable",
"setupvalue",
"setmetatable", "setmetatable",
"upvalueid", "upvalueid",
"sethook", "sethook",
"debug", "debug",
"setlocal",
}; };
static const char *package_whitelist[] = { static const char *package_whitelist[] = {
"config", "config",