* `minetest.forceload_block(pos)`
* forceloads the position `pos`.
* returns `true` if area could be forceloaded
+ * Please note that forceloaded areas are saved when the server restarts.
* `minetest.forceload_free_block(pos)`
* stops forceloading the position `pos`
-Please note that forceloaded areas are saved when the server restarts.
-minetest.global_exists(name)
-^ Checks if a global variable has been set, without triggering a warning.
+* `minetest.request_insecure_environment()`: returns an environment containing
+ insecure functions if the calling mod has been listed as trusted in the
+ `secure.trusted_mods` setting or security is disabled, otherwise returns `nil`.
+ * Only works at init time.
+ * **DO NOT ALLOW ANY OTHER MODS TO ACCESS THE RETURNED ENVIRONMENT, STORE IT IN
+ A LOCAL VARIABLE!**
+
+* `minetest.global_exists(name)`
+ * Checks if a global variable has been set, without triggering a warning.
### Global objects
* `minetest.env`: `EnvRef` of the server environment and world.
# Prevent mods from doing insecure things like running shell commands.
#secure.enable_security = false
+# Comma-separated list of trusted mods that are allowed to access insecure
+# functions even when mod security is on (via request_insecure_environment()).
+#secure.trusted_mods =
settings->setDefault("emergequeue_limit_generate", "32");
settings->setDefault("num_emerge_threads", "1");
settings->setDefault("secure.enable_security", "false");
+ settings->setDefault("secure.trusted_mods", "");
// physics stuff
settings->setDefault("movement_acceleration_default", "3");
#include "filesys.h"
#include "settings.h"
#include "util/auth.h"
+#include <algorithm>
// debug(...)
// Writes a line to dstream
int ModApiUtil::l_decompress(lua_State *L)
{
size_t size;
- const char * data = luaL_checklstring(L, 1, &size);
+ const char *data = luaL_checklstring(L, 1, &size);
std::istringstream is(std::string(data, size));
std::ostringstream os;
}
+int ModApiUtil::l_request_insecure_environment(lua_State *L)
+{
+ NO_MAP_LOCK_REQUIRED;
+ if (!ScriptApiSecurity::isSecure(L)) {
+ lua_getglobal(L, "_G");
+ return 1;
+ }
+ lua_getfield(L, LUA_REGISTRYINDEX, SCRIPT_MOD_NAME_FIELD);
+ if (!lua_isstring(L, -1)) {
+ lua_pushnil(L);
+ return 1;
+ }
+ const char *mod_name = lua_tostring(L, -1);
+ std::string trusted_mods = g_settings->get("secure.trusted_mods");
+ std::vector<std::string> mod_list = str_split(trusted_mods, ',');
+ if (std::find(mod_list.begin(), mod_list.end(), mod_name) == mod_list.end()) {
+ lua_pushnil(L);
+ return 1;
+ }
+ lua_getfield(L, LUA_REGISTRYINDEX, "globals_backup");
+ return 1;
+}
+
+
void ModApiUtil::Initialize(lua_State *L, int top)
{
API_FCT(debug);
API_FCT(decompress);
API_FCT(mkdir);
+
+ API_FCT(request_insecure_environment);
}
void ModApiUtil::InitializeAsync(AsyncEngine& engine)
// mkdir(path)
static int l_mkdir(lua_State *L);
+ // request_insecure_environment()
+ static int l_request_insecure_environment(lua_State *L);
+
public:
static void Initialize(lua_State *L, int top);
};
#endif /* L_UTIL_H_ */
+
projects / oweals / minetest.git / commitdiff