Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Add core.request_insecure_environment()
- Loading branch information
|
@@ -2290,13 +2290,20 @@ These functions return the leftover itemstack. |
|
|
* `minetest.forceload_block(pos)` |
|
|
* forceloads the position `pos`. |
|
|
* returns `true` if area could be forceloaded |
|
|
* Please note that forceloaded areas are saved when the server restarts. |
|
|
|
|
|
* `minetest.forceload_free_block(pos)` |
|
|
* stops forceloading the position `pos` |
|
|
Please note that forceloaded areas are saved when the server restarts. |
|
|
|
|
|
minetest.global_exists(name) |
|
|
^ Checks if a global variable has been set, without triggering a warning. |
|
|
* `minetest.request_insecure_environment()`: returns an environment containing |
|
|
insecure functions if the calling mod has been listed as trusted in the |
|
|
`secure.trusted_mods` setting or security is disabled, otherwise returns `nil`. |
|
|
* Only works at init time. |
|
|
* **DO NOT ALLOW ANY OTHER MODS TO ACCESS THE RETURNED ENVIRONMENT, STORE IT IN |
|
|
A LOCAL VARIABLE!** |
|
|
|
|
|
* `minetest.global_exists(name)` |
|
|
* Checks if a global variable has been set, without triggering a warning. |
|
|
|
|
|
### Global objects |
|
|
* `minetest.env`: `EnvRef` of the server environment and world. |
|
|
|
@@ -571,4 +571,7 @@ |
|
|
|
|
|
# Prevent mods from doing insecure things like running shell commands. |
|
|
#secure.enable_security = false |
|
|
# Comma-separated list of trusted mods that are allowed to access insecure |
|
|
# functions even when mod security is on (via request_insecure_environment()). |
|
|
#secure.trusted_mods = |
|
|
|
|
@@ -273,6 +273,7 @@ void set_default_settings(Settings *settings) |
|
|
settings->setDefault("emergequeue_limit_generate", "32"); |
|
|
settings->setDefault("num_emerge_threads", "1"); |
|
|
settings->setDefault("secure.enable_security", "false"); |
|
|
settings->setDefault("secure.trusted_mods", ""); |
|
|
|
|
|
// physics stuff |
|
|
settings->setDefault("movement_acceleration_default", "3"); |
|
|
|
@@ -32,6 +32,7 @@ with this program; if not, write to the Free Software Foundation, Inc., |
|
|
#include "filesys.h" |
|
|
#include "settings.h" |
|
|
#include "util/auth.h" |
|
|
#include <algorithm> |
|
|
|
|
|
// debug(...) |
|
|
// Writes a line to dstream |
|
@@ -316,7 +317,7 @@ int ModApiUtil::l_compress(lua_State *L) |
|
|
int ModApiUtil::l_decompress(lua_State *L) |
|
|
{ |
|
|
size_t size; |
|
|
const char * data = luaL_checklstring(L, 1, &size); |
|
|
const char *data = luaL_checklstring(L, 1, &size); |
|
|
|
|
|
std::istringstream is(std::string(data, size)); |
|
|
std::ostringstream os; |
|
@@ -339,6 +340,30 @@ int ModApiUtil::l_mkdir(lua_State *L) |
|
|
} |
|
|
|
|
|
|
|
|
int ModApiUtil::l_request_insecure_environment(lua_State *L) |
|
|
{ |
|
|
NO_MAP_LOCK_REQUIRED; |
|
|
if (!ScriptApiSecurity::isSecure(L)) { |
|
|
lua_getglobal(L, "_G"); |
|
|
return 1; |
|
|
} |
|
|
lua_getfield(L, LUA_REGISTRYINDEX, SCRIPT_MOD_NAME_FIELD); |
|
|
if (!lua_isstring(L, -1)) { |
|
|
lua_pushnil(L); |
|
|
return 1; |
|
|
} |
|
|
const char *mod_name = lua_tostring(L, -1); |
|
|
std::string trusted_mods = g_settings->get("secure.trusted_mods"); |
|
|
std::vector<std::string> mod_list = str_split(trusted_mods, ','); |
|
|
if (std::find(mod_list.begin(), mod_list.end(), mod_name) == mod_list.end()) { |
|
|
lua_pushnil(L); |
|
|
return 1; |
|
|
} |
|
|
lua_getfield(L, LUA_REGISTRYINDEX, "globals_backup"); |
|
|
return 1; |
|
|
} |
|
|
|
|
|
|
|
|
void ModApiUtil::Initialize(lua_State *L, int top) |
|
|
{ |
|
|
API_FCT(debug); |
|
@@ -366,6 +391,8 @@ void ModApiUtil::Initialize(lua_State *L, int top) |
|
|
API_FCT(decompress); |
|
|
|
|
|
API_FCT(mkdir); |
|
|
|
|
|
API_FCT(request_insecure_environment); |
|
|
} |
|
|
|
|
|
void ModApiUtil::InitializeAsync(AsyncEngine& engine) |
|
|
|
@@ -90,6 +90,9 @@ class ModApiUtil : public ModApiBase { |
|
|
// mkdir(path) |
|
|
static int l_mkdir(lua_State *L); |
|
|
|
|
|
// request_insecure_environment() |
|
|
static int l_request_insecure_environment(lua_State *L); |
|
|
|
|
|
public: |
|
|
static void Initialize(lua_State *L, int top); |
|
|
|
|
@@ -98,3 +101,4 @@ class ModApiUtil : public ModApiBase { |
|
|
}; |
|
|
|
|
|
#endif /* L_UTIL_H_ */ |
|
|
|