mirror of
https://github.com/minetest/minetest.git
synced 2024-11-27 10:03:45 +01:00
Remove setlocal and setupvalue from debug
table whitelist
It's likely that these could be used trick mods into revealing the insecure environment even if they do everything right (which is already hard enough).
This commit is contained in:
parent
8c99f2232b
commit
f405459548
@ -129,12 +129,10 @@ void ScriptApiSecurity::initializeSecurity()
|
|||||||
"traceback",
|
"traceback",
|
||||||
"getinfo",
|
"getinfo",
|
||||||
"getmetatable",
|
"getmetatable",
|
||||||
"setupvalue",
|
|
||||||
"setmetatable",
|
"setmetatable",
|
||||||
"upvalueid",
|
"upvalueid",
|
||||||
"sethook",
|
"sethook",
|
||||||
"debug",
|
"debug",
|
||||||
"setlocal",
|
|
||||||
};
|
};
|
||||||
static const char *package_whitelist[] = {
|
static const char *package_whitelist[] = {
|
||||||
"config",
|
"config",
|
||||||
|
Loading…
Reference in New Issue
Block a user