projects / oweals / minetest.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8b006a1)
Remove debug.getupvalue from the Lua sandbox whitelist
authorShadowNinja <shadowninja@minetest.net>
Thu, 3 Mar 2016 04:59:42 +0000 (23:59 -0500)
committerShadowNinja <shadowninja@minetest.net>
Thu, 3 Mar 2016 05:09:05 +0000 (00:09 -0500)
This function could be used to steal insecure environments from trusted mods.

src/script/cpp_api/s_security.cpp patch | blob | history

diff --git a/src/script/cpp_api/s_security.cpp b/src/script/cpp_api/s_security.cpp
index 36f8e9c0d9823d0cb12774e711f9628bbe09c848..730235c7bec6f3ca9b9d88b416c1b4afdddf335c 100644 (file)
--- a/src/script/cpp_api/s_security.cpp
+++ b/src/script/cpp_api/s_security.cpp
@@ -116,7 +116,6 @@ void ScriptApiSecurity::initializeSecurity()
                "upvaluejoin",
                "sethook",
                "debug",
-               "getupvalue",
                "setlocal",
        };
        static const char *package_whitelist[] = {
Unnamed repository; edit this file 'description' to name the repository.