authorred-001 <red-001@outlook.ie>2017-01-28 21:43:06 +0000
committerLoic Blot <loic.blot@unix-experience.fr>2017-03-19 12:34:33 +0100
commit2e3778ec0c1f77007d064d15310fa816e2a07e88 (patch)
tree6c1a0657057b8f1a549554523d7b5ab1cf49f763
parentf8ad01ab7c4cf012781bd4caa821544e676c9267 (diff)
Block access to the `io` library
-rw-r--r--builtin/common/misc_helpers.lua17
-rw-r--r--src/script/cpp_api/s_security.cpp30
2 files changed, 13 insertions, 34 deletions
diff --git a/builtin/common/misc_helpers.lua b/builtin/common/misc_helpers.lua
index e145a5bfc..a1417dbd4 100644
--- a/builtin/common/misc_helpers.lua
+++ b/builtin/common/misc_helpers.lua
@@ -197,16 +197,17 @@ assert(table.indexof({"foo", "bar"}, "foo") == 1)
assert(table.indexof({"foo", "bar"}, "baz") == -1)
--------------------------------------------------------------------------------
-function file_exists(filename)
- local f = io.open(filename, "r")
- if f == nil then
- return false
- else
- f:close()
- return true
+if INIT ~= "client" then
+ function file_exists(filename)
+ local f = io.open(filename, "r")
+ if f == nil then
+ return false
+ else
+ f:close()
+ return true
+ end
end
end
-
--------------------------------------------------------------------------------
function string:trim()
return (self:gsub("^%s*(.-)%s*$", "%1"))
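Review bot: With the new `if INIT ~= "client" then` guard, `file_exists` is left undefined in the client environment, and nothing in the hunk says why. Any shared code under builtin/common that still calls it on the client would fail with a nil-call error instead of a clear message; the callers are not visible in this hunk, so they need checking. I would add a comment above the guard, for example `-- io is not exposed to client-side scripts, so file_exists is only defined outside the client`.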
diff --git a/src/script/cpp_api/s_security.cpp b/src/script/cpp_api/s_security.cpp
index c6aad71b8..ec3a52e8e 100644
--- a/src/script/cpp_api/s_security.cpp
+++ b/src/script/cpp_api/s_security.cpp
@@ -123,6 +123,7 @@ void ScriptApiSecurity::initializeSecurity()
"path",
"searchpath",
};
+#if USE_LUAJIT
static const char *jit_whitelist[] = {
"arch",
"flush",
@@ -134,7 +135,7 @@ void ScriptApiSecurity::initializeSecurity()
"version",
"version_num",
};
-
+#endif
m_secure = true;
lua_State *L = getStack();
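Review bot: `jit_whitelist` is now compiled only under `#if USE_LUAJIT`, so every reference to it in `initializeSecurity()` must sit under the same guard, and that use site is outside this hunk. The same guard is added in `initializeSecurityClient()` (hunks at -263 and -274), where the jit copy is visibly under `#if USE_LUAJIT` at the end of the diff. The `#endif` here also replaced the blank line before `m_secure = true;`. I would keep the separator and label the guard, e.g. `#endif // USE_LUAJIT` followed by an empty line.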
@@ -245,13 +246,6 @@ void ScriptApiSecurity::initializeSecurityClient()
"table",
"math",
};
- static const char *io_whitelist[] = {
- "close",
- "flush",
- "read",
- "type",
- "write",
- };
static const char *os_whitelist[] = {
"clock",
"date",
@@ -263,6 +257,7 @@ void ScriptApiSecurity::initializeSecurityClient()
"getinfo",
};
+#if USE_LUAJIT
static const char *jit_whitelist[] = {
"arch",
"flush",
@@ -274,6 +269,7 @@ void ScriptApiSecurity::initializeSecurityClient()
"version",
"version_num",
};
+#endif
m_secure = true;
@@ -294,20 +290,6 @@ void ScriptApiSecurity::initializeSecurityClient()
lua_pop(L, 1);
- // Copy safe IO functions
- lua_getfield(L, old_globals, "io");
- lua_newtable(L);
- copy_safe(L, io_whitelist, sizeof(io_whitelist));
-
- // And replace unsafe ones
- SECURE_API(io, open);
- SECURE_API(io, input);
- SECURE_API(io, output);
- SECURE_API(io, lines);
-
- lua_setglobal(L, "io");
- lua_pop(L, 1); // Pop old IO
-
// Copy safe OS functions
lua_getfield(L, old_globals, "os");
@@ -324,10 +306,6 @@ void ScriptApiSecurity::initializeSecurityClient()
lua_setglobal(L, "debug");
lua_pop(L, 1); // Pop old debug
- // Remove all of package
- lua_newtable(L);
- lua_setglobal(L, "package");
-
#if USE_LUAJIT
// Copy safe jit functions, if they exist
lua_getfield(L, -1, "jit");