path: root/src/script/cpp_api/s_security.cpp
Commit message | Author | Age
* Add `minetest.settings` to CSM API and allow CSMs to provide `settingtypes.txt` (#12131) | AFCMS | 2022-08-02
  Co-authored-by: sfan5 <sfan5@live.de>
  Co-authored-by: SmallJoker <SmallJoker@users.noreply.github.com>
* Remove debug.get/setmetatable from security whitelist | stefan | 2022-05-29
  fixes #12216
* Store vector metatable in registry | Jude Melton-Houghton | 2022-03-29
* Minor improvements to Lua sandbox | sfan5 | 2022-01-15
* Refactor trusted mod checking code | sfan5 | 2021-12-18
* Remove setlocal and setupvalue from `debug` table whitelist | sfan5 | 2021-12-18
  It's likely that these could be used to trick mods into revealing the insecure environment even if they do everything right (which is already hard enough).
* Add Lua bitop library (#9847) | Lejo | 2021-11-26
* Async-related script cleanups | sfan5 | 2021-08-28
* Isolate library tables between sandbox and insecure env | sfan5 | 2021-04-18
* Fix some minor code issues all over the place | sfan5 | 2020-12-24
* Fix CSMs on arm64 (#10553) | luk3yx | 2020-10-25
* Work around LuaJIT issues on aarch64 (#9614) | sfan5 | 2020-04-08
  - Move the text segment below the 47-bit limit, needed for script_exception_wrapper which must be lightuserdata
  - Replace CUSTOM_RIDX_SCRIPTAPI with full userdata
* Load client mods into memory before execution. | sfan5 | 2019-11-09
  Preparation for server-sent CSM which will eventually need this.
* Refactor loading of Lua code with mod security | sfan5 | 2019-11-09
* CSM: Fix itemstack:get_meta() 'metadata' indexing error | SmallJoker | 2019-09-14
* Load CSM environment after the restrictions are known | SmallJoker | 2019-09-14
  Safety-guards for CSM callbacks to abort on a bad implementation
  Only run callbacks when the mods are loaded (and with it: builtin)
  Duplication checks inside constructors
* Removed debug.upvaluejoin to prevent leak of insecure environment | y | 2019-07-24
* Move client-specific files to 'src/client' (#7902) | Quentin Bazin | 2018-11-28
  Update Android.mk
  Remove 'src/client' from include_directories
* Modernize lua read (part 2 & 3): C++ templating assurance (#7410) | Loïc Blot | 2018-06-30
  * Modernize lua read (part 2 & 3): C++ templating assurance
  Implement the boolean reader
  Implement the string reader
  Also remove unused & unimplemented script_error_handler
  Add a reader with default value
* Move `setlocale` from Lua to C++. | red-001 | 2018-02-08
* Modernize source code: last part (#6285) | Loïc Blot | 2017-08-20
  * Modernize source code: last par
  * Use empty when needed
  * Use emplace_back instead of push_back when needed
  * For range-based loops
  * Initializers fixes
  * constructors, destructors default
  * c++ C stl includes
* Create a filesystem abstraction layer for CSM and only allow accessing files that are scanned into it. (#5965) | red-001 | 2017-06-30
  * Load client-side mods into memory before executing them. This removes the remaining filesystem access that client-sided mods had and it will hopefully make them more secure.
  * Lua Virtual filesystem: don't load the files into memory just scan the filenames into memory.
  * Fix the issues with backtrace
  * fix most of the issues
  * fix code style.
  * add a comment
* Plug two minor Leaks (#5603) | Auke Kok | 2017-04-17
  * Resource leak: CHECK_FILE_ERR returns, without freeing chunk_name. Found with static analysis.
  * Resource leak: leaks `page` on error path. Found with static analysis.
* Block access to the `io` library | red-001 | 2017-03-19
* [CSM] Improve security for client-sided mods (#5100) | red-001 | 2017-03-13
* [CSM] Client side modding | Loic Blot | 2017-03-13
  * rename GameScripting to ServerScripting
  * Make getBuiltinLuaPath static serverside
  * Add on_shutdown callback
  * Add on_receiving_chat_message & on_sending_chat_message callbacks
  * ScriptApiBase: use IGameDef instead of Server This permits to share common attribute between client & server
  * Enable mod security in client side modding without conditions
* Remove os.exit from the Lua secure sandbox (#5090) | Loïc Blot | 2017-01-21
  os.exit will exit not using proper resource liberation paths. Mods should call the proper exit mod using our API
* Security: Fix resolving of some relative paths | ShadowNinja | 2016-12-20
  Trying to resolve a path with RemoveRelativePathComponents that can't be resolved without leaving leading parent components (e.g. "../worlds/foo" or "bar/../../worlds/foo") will fail. To work around this, we leave the relative components and simply remove the trailing components one at a time, and bail out when we find a parent component. This will still fail for paths like "worlds/foo/noexist/../auth.txt" (the path before the last parent component must not exist), but this is fine since you won't be able to open a file with a path like that anyways (the O.S. will determine that the path doesn't exist. Try `cat /a/../etc/passwd`).
* Mod security: Allow read-only access to all mod paths | ShadowNinja | 2016-12-20
* Fix secure io.lines | ShadowNinja | 2016-11-24
  It used to drop all of the return values from the insecure version of the function.
* Fix secure io.open without mode | ShadowNinja | 2016-11-24
* Fix memory leak in ::safeLoadFile (#4730) | Zeno- | 2016-11-05
* couple of memory leaks fixes. | David Carlier | 2016-08-10
* Remove unused code in s_security.cpp (#4172) | Zeno- | 2016-05-30
  Note that the macro CHECK_FILE_ERR implements the code removed
* Remove debug.getupvalue from the Lua sandbox whitelist | ShadowNinja | 2016-03-03
  This function could be used to steal insecure environments from trusted mods.
* Use numeric indices and raw table access with LUA_REGISTRYINDEX | Kahrl | 2015-08-27
* dofile error reporting for syntax errors | est31 | 2015-06-12
  According to doc, dofile() raises an error when parsing failed due to syntax errors.
  Fixes #2775
* Fix Windows build, clean up included headers | SmallJoker | 2015-05-22
  Also fix a startup error caused by s_security.cpp
* Add mod security | ShadowNinja | 2015-05-16
  Due to compatibility concerns, this is temporarily disabled.