path: root/src/script/cpp_api/s_security.cpp
Commit message | Author | Date
* Create a filesystem abstraction layer for CSM and only allow accessing files that are scanned into it. (#5965) | red-001 | 2017-06-30
    * Load client-side mods into memory before executing them.
      This removes the remaining filesystem access that client-sided mods had and it will hopefully make them more secure.
    * Lua Virtual filesystem: don't load the files into memory just scan the filenames into memory.
    * Fix the issues with backtrace
    * fix most of the issues
    * fix code style.
    * add a comment
* Plug two minor Leaks (#5603) | Auke Kok | 2017-04-17
    * Resource leak: CHECK_FILE_ERR returns, without freeing chunk_name. Found with static analysis.
    * Resource leak: leaks `page` on error path. Found with static analysis.
* Block access to the `io` library | red-001 | 2017-03-19
* [CSM] Improve security for client-sided mods (#5100) | red-001 | 2017-03-13
* [CSM] Client side modding | Loic Blot | 2017-03-13
    * rename GameScripting to ServerScripting
    * Make getBuiltinLuaPath static serverside
    * Add on_shutdown callback
    * Add on_receiving_chat_message & on_sending_chat_message callbacks
    * ScriptApiBase: use IGameDef instead of Server
      This permits sharing common attributes between client & server
    * Enable mod security in client side modding without conditions
* Remove os.exit from the Lua secure sandbox (#5090) | Loïc Blot | 2017-01-21
    os.exit will exit not using proper resource liberation paths. Mods should call the proper exit mod using our API
* Security: Fix resolving of some relative paths | ShadowNinja | 2016-12-20
    Trying to resolve a path with RemoveRelativePathComponents that can't be resolved without leaving leading parent components (e.g. "../worlds/foo" or "bar/../../worlds/foo") will fail.
    To work around this, we leave the relative components and simply remove the trailing components one at a time, and bail out when we find a parent component.
    This will still fail for paths like "worlds/foo/noexist/../auth.txt" (the path before the last parent component must not exist), but this is fine since you won't be able to open a file with a path like that anyways (the O.S. will determine that the path doesn't exist. Try `cat /a/../etc/passwd`).
* Mod security: Allow read-only access to all mod paths | ShadowNinja | 2016-12-20
* Fix secure io.lines | ShadowNinja | 2016-11-24
    It used to drop all of the return values from the insecure version of the function.
* Fix secure io.open without mode | ShadowNinja | 2016-11-24
* Fix memory leak in ::safeLoadFile (#4730) | Zeno- | 2016-11-05
* couple of memory leaks fixes. | David Carlier | 2016-08-10
* Remove unused code in s_security.cpp (#4172) | Zeno- | 2016-05-30
    Note that the macro CHECK_FILE_ERR implements the code removed
* Remove debug.getupvalue from the Lua sandbox whitelist | ShadowNinja | 2016-03-03
    This function could be used to steal insecure environments from trusted mods.
* Use numeric indices and raw table access with LUA_REGISTRYINDEX | Kahrl | 2015-08-27
* dofile error reporting for syntax errors | est31 | 2015-06-12
    According to doc, dofile() raises an error when parsing failed due to syntax errors.
    Fixes #2775
* Fix Windows build, clean up included headers | SmallJoker | 2015-05-22
    Also fix a startup error caused by s_security.cpp
* Add mod security | ShadowNinja | 2015-05-16
    Due to compatibility concerns, this is temporarily disabled.