aboutsummaryrefslogtreecommitdiff
path: root/src/script/cpp_api
diff options
context:
space:
mode:
authorsfan5 <sfan5@live.de>2021-12-17 18:35:30 +0100
committersfan5 <sfan5@live.de>2021-12-18 20:37:13 +0100
commitf4054595482bf4573075f45d3ca56076a0d6113e (patch)
tree6c6037a5f69059e47d134d1b8287d0d7bce404f9 /src/script/cpp_api
parent8c99f2232bdb52459ccf2a5b751cbe3f7797abc3 (diff)
downloadminetest-f4054595482bf4573075f45d3ca56076a0d6113e.tar.gz
minetest-f4054595482bf4573075f45d3ca56076a0d6113e.tar.bz2
minetest-f4054595482bf4573075f45d3ca56076a0d6113e.zip
Remove setlocal and setupvalue from `debug` table whitelist
It's likely that these could be used trick mods into revealing the insecure environment even if they do everything right (which is already hard enough).
Diffstat (limited to 'src/script/cpp_api')
-rw-r--r--src/script/cpp_api/s_security.cpp2
1 files changed, 0 insertions, 2 deletions
diff --git a/src/script/cpp_api/s_security.cpp b/src/script/cpp_api/s_security.cpp
index 5faf8cc80..11c277839 100644
--- a/src/script/cpp_api/s_security.cpp
+++ b/src/script/cpp_api/s_security.cpp
@@ -129,12 +129,10 @@ void ScriptApiSecurity::initializeSecurity()
"traceback",
"getinfo",
"getmetatable",
- "setupvalue",
"setmetatable",
"upvalueid",
"sethook",
"debug",
- "setlocal",
};
static const char *package_whitelist[] = {
"config",