diff options
author | red-001 <red-001@outlook.ie> | 2017-06-30 19:14:39 +0100 |
---|---|---|
committer | Loïc Blot <nerzhul@users.noreply.github.com> | 2017-06-30 20:14:39 +0200 |
commit | f3ad75691aea30d2d68aab19fbfa9031409c39d7 (patch) | |
tree | b73109f1d3d14af91b3593dc80645a1bb70274a8 /src/script/cpp_api/s_security.h | |
parent | 2e53801fc0d9ba13afec6c1ddb5e3999f68b96bd (diff) | |
download | minetest-f3ad75691aea30d2d68aab19fbfa9031409c39d7.tar.gz minetest-f3ad75691aea30d2d68aab19fbfa9031409c39d7.tar.bz2 minetest-f3ad75691aea30d2d68aab19fbfa9031409c39d7.zip |
Create a filesystem abstraction layer for CSM and only allow accessing files that are scanned into it. (#5965)
* Load client-side mods into memory before executing them.
This removes the remaining filesystem access that client-sided mods had and it will hopefully make then more secure.
* Lua Virtual filesystem: don't load the files into memory just scan the filenames into memory.
* Fix the issues with backtrace
* fix most of the issues
* fix code style.
* add a comment
Diffstat (limited to 'src/script/cpp_api/s_security.h')
-rw-r--r-- | src/script/cpp_api/s_security.h | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/script/cpp_api/s_security.h b/src/script/cpp_api/s_security.h index f0eef00bb..059dccef1 100644 --- a/src/script/cpp_api/s_security.h +++ b/src/script/cpp_api/s_security.h @@ -41,14 +41,18 @@ with this program; if not, write to the Free Software Foundation, Inc., class ScriptApiSecurity : virtual public ScriptApiBase { public: - int backupGlobals(lua_State *L); + int getThread(lua_State *L); + // creates an empty Lua environment + void createEmptyEnv(lua_State *L); + // sets the enviroment to the table thats on top of the stack + void setLuaEnv(lua_State *L, int thread); // Sets up security on the ScriptApi's Lua state void initializeSecurity(); void initializeSecurityClient(); // Checks if the Lua state has been secured static bool isSecure(lua_State *L); // Loads a file as Lua code safely (doesn't allow bytecode). - static bool safeLoadFile(lua_State *L, const char *path); + static bool safeLoadFile(lua_State *L, const char *path, const char *display_name = NULL); // Checks if mods are allowed to read (and optionally write) to the path static bool checkPath(lua_State *L, const char *path, bool write_required, bool *write_allowed=NULL); |