Skip to content
Permalink
Browse files
Remove setlocal and setupvalue from debug table whitelist
It's likely that these could be used trick mods into revealing the insecure
environment even if they do everything right (which is already hard enough).
  • Loading branch information
sfan5 committed Dec 18, 2021
1 parent 8c99f22 commit f4054595482bf4573075f45d3ca56076a0d6113e
Showing with 0 additions and 2 deletions.
  1. +0 −2 src/script/cpp_api/s_security.cpp
@@ -129,12 +129,10 @@ void ScriptApiSecurity::initializeSecurity()
"traceback",
"getinfo",
"getmetatable",
"setupvalue",
"setmetatable",
"upvalueid",
"sethook",
"debug",
"setlocal",
};
static const char *package_whitelist[] = {
"config",

0 comments on commit f405459

Please sign in to comment.