New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Mod security: Accessing mod paths in callbacks is broken #4692
Comments
It seems like this is because mg is accessing a file in its mod dir (which it should be able to do) after init (which it can't do because MT isn't sure what mod is running). |
In the error message right after it seems to be no problem to find out what mod is currently running. ???
No, this severely limits mods in what they can do at runtime. Mod security is supposed to stop them from doing bad, not to limit their potential |
That's an informational "best guess" value and not secure AFAIK. It's separate from the
Yes, I don't like it either. But I don't know if there's anything to be done about it other than using one of those workarounds or disabling mod security when using that mod. |
This is a dumb arbitrary limitation, if this isn't fixed before release we can't leave mod security enabled. |
Something similar to this also causes this error in this code https://github.com/minetest-LOTR/Lord-of-the-Test/blob/master/mods/lottmapgen/schematics.lua#L34-L42:
The same code works fine with mod security disabled. (Small discussion on irc about this: http://irc.minetest.net/minetest/2016-11-03#i_4736790) |
@ShadowNinja Okay. My specific issue has been fixed, but now I'm getting the same error as is given in the first post. |
I thought of a possible way to fix this. |
@ShadowNinja I agree with that proposal. |
Also, there could be a directory in the world dir that is only accessible to trusted mods, where those mods can store secrets, and maybe each mod could contain a directory |
#4849 merged. Testing appreciated since we are close to release. |
The -> false refers to this line.
The text was updated successfully, but these errors were encountered: