From 4827ee1258ac9d68808ca4e2a9cb88bf49473e6b Mon Sep 17 00:00:00 2001 From: ShadowNinja Date: Thu, 18 Feb 2016 16:06:07 -0500 Subject: Require request_insecure_environment to be called from the mod's main scope Previously you could steal a secure environment from a trusted mod by wrapping request_insecure_environment with some code like this: local rie_cp = minetest.request_insecure_environment local stolen_ie function minetest.request_insecure_environment() local ie = rie_cp() stolen_ie = stolen_ie or ie return ie end --- doc/lua_api.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/lua_api.txt b/doc/lua_api.txt index d9a8bea97..2df0cac7c 100644 --- a/doc/lua_api.txt +++ b/doc/lua_api.txt @@ -2437,7 +2437,7 @@ These functions return the leftover itemstack. * `minetest.request_insecure_environment()`: returns an environment containing insecure functions if the calling mod has been listed as trusted in the `secure.trusted_mods` setting or security is disabled, otherwise returns `nil`. - * Only works at init time. + * Only works at init time and must be called from the mod's main scope (not from a function). * **DO NOT ALLOW ANY OTHER MODS TO ACCESS THE RETURNED ENVIRONMENT, STORE IT IN A LOCAL VARIABLE!** -- cgit v1.2.3