aboutsummaryrefslogtreecommitdiff
path: root/src/script/cpp_api
diff options
context:
space:
mode:
authorsfan5 <sfan5@live.de>2022-01-13 22:12:44 +0100
committersfan5 <sfan5@live.de>2022-01-15 17:45:08 +0100
commit9a12e4499ecf5c1a3467af9c831d0d350a21923d (patch)
tree50e7dbe0fa599ebda46910c46bcb449cf15e1924 /src/script/cpp_api
parent379473b67007abf78d87ebbaf925b4948cf72ae6 (diff)
downloadminetest-9a12e4499ecf5c1a3467af9c831d0d350a21923d.tar.gz
minetest-9a12e4499ecf5c1a3467af9c831d0d350a21923d.tar.bz2
minetest-9a12e4499ecf5c1a3467af9c831d0d350a21923d.zip
Minor improvements to Lua sandbox
Diffstat (limited to 'src/script/cpp_api')
-rw-r--r--src/script/cpp_api/s_security.cpp30
-rw-r--r--src/script/cpp_api/s_security.h1
2 files changed, 27 insertions, 4 deletions
diff --git a/src/script/cpp_api/s_security.cpp b/src/script/cpp_api/s_security.cpp
index ccd1214e3..a6c5114b2 100644
--- a/src/script/cpp_api/s_security.cpp
+++ b/src/script/cpp_api/s_security.cpp
@@ -121,9 +121,7 @@ void ScriptApiSecurity::initializeSecurity()
"date",
"difftime",
"getenv",
- "setlocale",
"time",
- "tmpname",
};
static const char *debug_whitelist[] = {
"gethook",
@@ -219,6 +217,7 @@ void ScriptApiSecurity::initializeSecurity()
// And replace unsafe ones
SECURE_API(os, remove);
SECURE_API(os, rename);
+ SECURE_API(os, setlocale);
lua_setglobal(L, "os");
lua_pop(L, 1); // Pop old OS
@@ -250,6 +249,11 @@ void ScriptApiSecurity::initializeSecurity()
lua_pop(L, 1); // Pop old jit
#endif
+ // Get rid of 'core' in the old globals, we don't want anyone thinking it's
+ // safe or even usable.
+ lua_pushnil(L);
+ lua_setfield(L, old_globals, "core");
+
lua_pop(L, 1); // Pop globals_backup
@@ -285,7 +289,7 @@ void ScriptApiSecurity::initializeSecurityClient()
"rawset",
"select",
"setfenv",
- // getmetatable can be used to escape the sandbox
+ // getmetatable can be used to escape the sandbox <- ???
"setmetatable",
"tonumber",
"tostring",
@@ -307,7 +311,7 @@ void ScriptApiSecurity::initializeSecurityClient()
"time"
};
static const char *debug_whitelist[] = {
- "getinfo",
+ "getinfo", // used by builtin and unset before mods load
"traceback"
};
@@ -867,3 +871,21 @@ int ScriptApiSecurity::sl_os_remove(lua_State *L)
lua_call(L, 1, 2);
return 2;
}
+
+
+int ScriptApiSecurity::sl_os_setlocale(lua_State *L)
+{
+ const bool cat = lua_gettop(L) > 1;
+ // Don't allow changes
+ if (!lua_isnoneornil(L, 1)) {
+ lua_pushnil(L);
+ return 1;
+ }
+
+ push_original(L, "os", "setlocale");
+ lua_pushnil(L);
+ if (cat)
+ lua_pushvalue(L, 2);
+ lua_call(L, cat ? 2 : 1, 1);
+ return 1;
+}
diff --git a/src/script/cpp_api/s_security.h b/src/script/cpp_api/s_security.h
index 619bf824f..880ce1638 100644
--- a/src/script/cpp_api/s_security.h
+++ b/src/script/cpp_api/s_security.h
@@ -79,4 +79,5 @@ private:
static int sl_os_rename(lua_State *L);
static int sl_os_remove(lua_State *L);
+ static int sl_os_setlocale(lua_State *L);
};