diff options
author | sfan5 <sfan5@live.de> | 2022-05-25 19:07:49 +0200 |
---|---|---|
committer | sfan5 <sfan5@live.de> | 2022-05-29 14:00:19 +0200 |
commit | da71e86633d0b27cd02d7aac9fdac625d141ca13 (patch) | |
tree | 5a4f4c1939e2a4f5ee7c8e34932aa34fb4792be4 /src/script | |
parent | bccaf5fc2d11c31615d64b9bca91f908d06b7044 (diff) | |
download | minetest-da71e86633d0b27cd02d7aac9fdac625d141ca13.tar.gz minetest-da71e86633d0b27cd02d7aac9fdac625d141ca13.tar.bz2 minetest-da71e86633d0b27cd02d7aac9fdac625d141ca13.zip |
Protect a few more settings from being set from mods
Of those settings main_menu_script has concrete security impact, the rest are added out of abundance of caution.
Diffstat (limited to 'src/script')
-rw-r--r-- | src/script/lua_api/l_settings.cpp | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/src/script/lua_api/l_settings.cpp b/src/script/lua_api/l_settings.cpp index 14398dda2..3f3fda56e 100644 --- a/src/script/lua_api/l_settings.cpp +++ b/src/script/lua_api/l_settings.cpp @@ -27,9 +27,11 @@ with this program; if not, write to the Free Software Foundation, Inc., #include "log.h" -/* This protects: - * 'secure.*' settings from being set - * some mapgen settings from being set +/* This protects the following from being set: + * 'secure.*' settings + * some security-relevant settings + * (better solution pending) + * some mapgen settings * (not security-criticial, just to avoid messing up user configs) */ #define CHECK_SETTING_SECURITY(L, name) \ @@ -41,7 +43,7 @@ with this program; if not, write to the Free Software Foundation, Inc., static inline int checkSettingSecurity(lua_State* L, const std::string &name) { if (ScriptApiSecurity::isSecure(L) && name.compare(0, 7, "secure.") == 0) - throw LuaError("Attempt to set secure setting."); + throw LuaError("Attempted to set secure setting."); bool is_mainmenu = false; #ifndef SERVER @@ -54,6 +56,17 @@ static inline int checkSettingSecurity(lua_State* L, const std::string &name) return -1; } + const char *disallowed[] = { + "main_menu_script", "shader_path", "texture_path", "screenshot_path", + "serverlist_file", "serverlist_url", "map-dir", "contentdb_url", + }; + if (!is_mainmenu) { + for (const char *name2 : disallowed) { + if (name == name2) + throw LuaError("Attempted to set disallowed setting."); + } + } + return 0; } |