diff options
author | ShadowNinja <shadowninja@minetest.net> | 2016-02-18 16:06:07 -0500 |
---|---|---|
committer | paramat <mat.gregory@virginmedia.com> | 2016-02-19 14:52:10 +0000 |
commit | 4827ee1258ac9d68808ca4e2a9cb88bf49473e6b (patch) | |
tree | e2900cf20cb7aed59fb69e94b97784e02843e0cd /doc | |
parent | 997be666e37e9494bb92a50521b4b749156a609c (diff) | |
download | minetest-4827ee1258ac9d68808ca4e2a9cb88bf49473e6b.tar.gz minetest-4827ee1258ac9d68808ca4e2a9cb88bf49473e6b.tar.bz2 minetest-4827ee1258ac9d68808ca4e2a9cb88bf49473e6b.zip |
Require request_insecure_environment to be called from the mod's main scope
Previously you could steal a secure environment from a trusted mod by wrapping
request_insecure_environment with some code like this:
local rie_cp = minetest.request_insecure_environment
local stolen_ie
function minetest.request_insecure_environment()
local ie = rie_cp()
stolen_ie = stolen_ie or ie
return ie
end
Diffstat (limited to 'doc')
-rw-r--r-- | doc/lua_api.txt | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/doc/lua_api.txt b/doc/lua_api.txt index d9a8bea97..2df0cac7c 100644 --- a/doc/lua_api.txt +++ b/doc/lua_api.txt @@ -2437,7 +2437,7 @@ These functions return the leftover itemstack. * `minetest.request_insecure_environment()`: returns an environment containing insecure functions if the calling mod has been listed as trusted in the `secure.trusted_mods` setting or security is disabled, otherwise returns `nil`. - * Only works at init time. + * Only works at init time and must be called from the mod's main scope (not from a function). * **DO NOT ALLOW ANY OTHER MODS TO ACCESS THE RETURNED ENVIRONMENT, STORE IT IN A LOCAL VARIABLE!** |