From: ShadowNinja <shadowninja@minetest.net>
Date: Thu, 3 Mar 2016 04:59:42 +0000 (-0500)
Subject: Remove debug.getupvalue from the Lua sandbox whitelist
X-Git-Tag: 0.4.14~206
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=abd4a79acbdfcea0bb661b8065ef3ac8f3e25e80;p=oweals%2Fminetest.git

Remove debug.getupvalue from the Lua sandbox whitelist

This function could be used to steal insecure environments from trusted mods.
---

diff --git a/src/script/cpp_api/s_security.cpp b/src/script/cpp_api/s_security.cpp
index 36f8e9c0d..730235c7b 100644
--- a/src/script/cpp_api/s_security.cpp
+++ b/src/script/cpp_api/s_security.cpp
@@ -116,7 +116,6 @@ void ScriptApiSecurity::initializeSecurity()
 		"upvaluejoin",
 		"sethook",
 		"debug",
-		"getupvalue",
 		"setlocal",
 	};
 	static const char *package_whitelist[] = {