aboutsummaryrefslogtreecommitdiff
path: root/fonts
ModeNameSize
-rw-r--r--Arimo-Bold.ttf420920logplain
-rw-r--r--Arimo-BoldItalic.ttf417668logplain
-rw-r--r--Arimo-Italic.ttf421372logplain
-rw-r--r--Arimo-LICENSE.txt114logplain
-rw-r--r--Arimo-Regular.ttf436876logplain
-rw-r--r--Cousine-Bold.ttf288272logplain
-rw-r--r--Cousine-BoldItalic.ttf265104logplain
-rw-r--r--Cousine-Italic.ttf262524logplain
-rw-r--r--Cousine-LICENSE.txt118logplain
-rw-r--r--Cousine-Regular.ttf309040logplain
-rw-r--r--DroidSansFallbackFull-LICENSE.txt577logplain
-rw-r--r--DroidSansFallbackFull.ttf5398328logplain
-rw-r--r--mono_dejavu_sans_10.xml257014logplain
-rw-r--r--mono_dejavu_sans_100.png56121logplain
-rw-r--r--mono_dejavu_sans_11.xml263644logplain
-rw-r--r--mono_dejavu_sans_110.png67613logplain
-rw-r--r--mono_dejavu_sans_12.xml268932logplain
-rw-r--r--mono_dejavu_sans_120.png73938logplain
-rw-r--r--mono_dejavu_sans_14.xml269188logplain
-rw-r--r--mono_dejavu_sans_140.png89073logplain
-rw-r--r--mono_dejavu_sans_16.xml275642logplain
-rw-r--r--mono_dejavu_sans_160.png101939logplain
-rw-r--r--mono_dejavu_sans_18.xml279962logplain
-rw-r--r--mono_dejavu_sans_180.png122274logplain
-rw-r--r--mono_dejavu_sans_20.xml282588logplain
-rw-r--r--mono_dejavu_sans_200.png138662logplain
-rw-r--r--mono_dejavu_sans_22.xml283950logplain
-rw-r--r--mono_dejavu_sans_220.png152844logplain
-rw-r--r--mono_dejavu_sans_24.xml286626logplain
-rw-r--r--mono_dejavu_sans_240.png170247logplain
-rw-r--r--mono_dejavu_sans_26.xml289710logplain
-rw-r--r--mono_dejavu_sans_260.png190156logplain
-rw-r--r--mono_dejavu_sans_28.xml292596logplain
-rw-r--r--mono_dejavu_sans_280.png200848logplain
-rw-r--r--mono_dejavu_sans_4.xml237740logplain
-rw-r--r--mono_dejavu_sans_40.png15668logplain
-rw-r--r--mono_dejavu_sans_6.xml245472logplain
-rw-r--r--mono_dejavu_sans_60.png29291logplain
-rw-r--r--mono_dejavu_sans_8.xml251876logplain
-rw-r--r--mono_dejavu_sans_80.png45552logplain
-rw-r--r--mono_dejavu_sans_9.xml254016logplain
-rw-r--r--mono_dejavu_sans_90.png50995logplain
id='n659' href='#n659'>659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800
/*
Minetest
Copyright (C) 2013 celeron55, Perttu Ahola <celeron55@gmail.com>

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU Lesser General Public License for more details.

You should have received a copy of the GNU Lesser General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/

#include "cpp_api/s_security.h"

#include "filesys.h"
#include "porting.h"
#include "server.h"
#include "client/client.h"
#include "settings.h"

#include <cerrno>
#include <string>
#include <iostream>


#define SECURE_API(lib, name) \
	lua_pushcfunction(L, sl_##lib##_##name); \
	lua_setfield(L, -2, #name);


static inline void copy_safe(lua_State *L, const char *list[], unsigned len, int from=-2, int to=-1)
{
	if (from < 0) from = lua_gettop(L) + from + 1;
	if (to   < 0) to   = lua_gettop(L) + to   + 1;
	for (unsigned i = 0; i < (len / sizeof(list[0])); i++) {
		lua_getfield(L, from, list[i]);
		lua_setfield(L, to,   list[i]);
	}
}

// Pushes the original version of a library function on the stack, from the old version
static inline void push_original(lua_State *L, const char *lib, const char *func)
{
	lua_rawgeti(L, LUA_REGISTRYINDEX, CUSTOM_RIDX_GLOBALS_BACKUP);
	lua_getfield(L, -1, lib);
	lua_remove(L, -2);  // Remove globals_backup
	lua_getfield(L, -1, func);
	lua_remove(L, -2);  // Remove lib
}


void ScriptApiSecurity::initializeSecurity()
{
	static const char *whitelist[] = {
		"assert",
		"core",
		"collectgarbage",
		"DIR_DELIM",
		"error",
		"getfenv",
		"getmetatable",
		"ipairs",
		"next",
		"pairs",
		"pcall",
		"print",
		"rawequal",
		"rawget",
		"rawset",
		"select",
		"setfenv",
		"setmetatable",
		"tonumber",
		"tostring",
		"type",
		"unpack",
		"_VERSION",
		"xpcall",
		// Completely safe libraries
		"coroutine",
		"string",
		"table",
		"math",
	};
	static const char *io_whitelist[] = {
		"close",
		"flush",
		"read",
		"type",
		"write",
	};
	static const char *os_whitelist[] = {
		"clock",
		"date",
		"difftime",
		"getenv",
		"setlocale",
		"time",
		"tmpname",
	};
	static const char *debug_whitelist[] = {
		"gethook",
		"traceback",
		"getinfo",
		"getmetatable",
		"setupvalue",
		"setmetatable",
		"upvalueid",
		"sethook",
		"debug",
		"setlocal",
	};
	static const char *package_whitelist[] = {
		"config",
		"cpath",
		"path",
		"searchpath",
	};
#if USE_LUAJIT
	static const char *jit_whitelist[] = {
		"arch",
		"flush",
		"off",
		"on",
		"opt",
		"os",
		"status",
		"version",
		"version_num",
	};
#endif
	m_secure = true;

	lua_State *L = getStack();

	// Backup globals to the registry
	lua_getglobal(L, "_G");
	lua_rawseti(L, LUA_REGISTRYINDEX, CUSTOM_RIDX_GLOBALS_BACKUP);

	// Replace the global environment with an empty one
	int thread = getThread(L);
	createEmptyEnv(L);
	setLuaEnv(L, thread);

	// Get old globals
	lua_rawgeti(L, LUA_REGISTRYINDEX, CUSTOM_RIDX_GLOBALS_BACKUP);
	int old_globals = lua_gettop(L);


	// Copy safe base functions
	lua_getglobal(L, "_G");
	copy_safe(L, whitelist, sizeof(whitelist));

	// And replace unsafe ones
	SECURE_API(g, dofile);
	SECURE_API(g, load);
	SECURE_API(g, loadfile);
	SECURE_API(g, loadstring);
	SECURE_API(g, require);
	lua_pop(L, 1);


	// Copy safe IO functions
	lua_getfield(L, old_globals, "io");
	lua_newtable(L);
	copy_safe(L, io_whitelist, sizeof(io_whitelist));

	// And replace unsafe ones
	SECURE_API(io, open);
	SECURE_API(io, input);
	SECURE_API(io, output);