[CSM] Improve security #5100
[CSM] Improve security #5100
Conversation
|
@sapier is this correct for you ? |
| "date", | ||
| "difftime", | ||
| "time", | ||
| "setlocale", |
There was a problem hiding this comment.
just remove it here instead of setting it to nil in init.lua
There was a problem hiding this comment.
it's used by bultin.
| "setlocale", | ||
| }; | ||
| static const char *debug_whitelist[] = { | ||
| "getinfo", |
There was a problem hiding this comment.
combined with the other changed this effectively disables the debug library, why?
There was a problem hiding this comment.
usually debug code provides a lot of information about internal things.
e.g. some of the debug functions provide access to local variables of other functions.
As debug usually ain't used by anything productive disabling it completely is the savest way to get rid of those issues. Of course you could check each debug fct on it's own but I assume if you remove all potentially unsave ones debug wouldn't be usefull anyway ;-)
| "math", | ||
| }; | ||
| static const char *io_whitelist[] = { | ||
| "close", |
There was a problem hiding this comment.
client side lua should not be able to read the filesystem at all, apart dofile
There was a problem hiding this comment.
in fact, reading FS okay, but only in selected places. Client side mode can have logs, or local data (for example imagine pure client side notes, like a journal)
There was a problem hiding this comment.
logs
Should use an api feature for this
local data
Should use a virtual filesystem similar to HTML5's webstorage/localstorage
There was a problem hiding this comment.
I agree to rubenwardy. Deciding which path to access is quite hard if you consider the corner cases. If you limit to a single mod specific folder you're basically imitating a virtual filesystem. If not you risk missing some critical parts. e.g. /tmp usually is fine for local applications but there's a lot of data stored in /tmp you don't want someone from outside your machine to access.
| SECURE_API(g, dofile); | ||
| SECURE_API(g, loadstring); | ||
| SECURE_API(g, require); | ||
| lua_pop(L, 1); |
There was a problem hiding this comment.
check if these save functions are save enough for clientside
| SECURE_API(io, input); | ||
| SECURE_API(io, output); | ||
| SECURE_API(io, lines); | ||
|
|
There was a problem hiding this comment.
check if these save functions are save enough for clientside same her especially for open
|
The jit part should check |
red-001
force-pushed
the
improve_security
branch
from
1bea2cd
to
fad8ff5
Compare
nerzhul
force-pushed
the
client_side_modding
branch
2 times, most recently
from
b4aaca4
to
635507c
Compare
|
can you rebase @red-001 ? |
red-001
force-pushed
the
improve_security
branch
from
fad8ff5
to
1c2bce5
Compare
|
Lacking description. |
No description provided.