Commit
disallow loading lua bytecode via load/dofile (CVE-2018-1999023)
This could otherwise be used to escape the Lua sandbox, as described in multiple sources. For example, one can use it to reenable the os.execute function to do shell commands.

The affected functions were load, loadstring, wesnoth.dofile, wesnoth.require and various places in the Wesnoth source where Lua chunks were loaded, for example by the AI code.

This commit also changes the Lua source to change Lua's load (which is the same as loadstring); alternatively we could add a wrapper around the original load function that always passes "t" as third parameter. I went this way mostly because it was easier to implement, but also because I was not 100% sure that it is impossible to query the upvalues of a function via Lua (Wesnoth disables debug.getupvalue but still).

There is also an occurrence in the application_lua_kernel that was not fixed because I assumed that UMC cannot contain application Lua scripts.

As further security measure we might want to disable printing the function address in Lua's tostring for C functions; this cannot be exploited by itself but it can be used to defeat ASLR in some cases.
Showing 6 changed files with 12 additions and 6 deletions.
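
The alternative the commit message mentions, a wrapper that always passes "t" as the third parameter of load, could look like the following. This is an added example, not code from this commit or from Wesnoth; the names `text_only_load` and `sandbox_env` are hypothetical, and it assumes Lua 5.2 or later.

```lua
-- Added example, not Wesnoth code. Assumes Lua 5.2 or later, where
-- load(chunk, chunkname, mode, env) accepts mode "t" (text only),
-- "b" (binary only) or "bt" (both, the default).
local raw_load = load

-- Hypothetical wrapper name. The caller's mode argument is discarded and
-- replaced by "t", so precompiled (binary) chunks are always refused.
-- The trailing ... forwards env only if the caller supplied it, because
-- load() treats an explicit nil env differently from an absent one.
local function text_only_load(chunk, chunkname, _ignored_mode, ...)
    return raw_load(chunk, chunkname, "t", ...)
end

-- Caveat from the commit message: raw_load stays reachable as an upvalue
-- of text_only_load, so this approach relies on upvalues not being
-- readable from inside the sandbox (e.g. debug.getupvalue removed).

-- Hypothetical sandbox environment: both names point at the wrapper.
local sandbox_env = { load = text_only_load, loadstring = text_only_load }

-- Constructed sample input: bytecode of a harmless function.
local bytecode = string.dump(function() return 1 + 1 end)

-- 1. A binary chunk is refused even when the caller asks for mode "b".
local f, err = sandbox_env.load(bytecode, "=sample", "b")
assert(f == nil and err:find("binary", 1, true))

-- 2. The same bytecode fed through a reader function is refused as well.
local sent = false
local function reader()
    if sent then return nil end
    sent = true
    return bytecode
end
assert(sandbox_env.load(reader, "=sample") == nil)

-- 3. Plain source text still loads and runs.
local g = assert(sandbox_env.loadstring("return 1 + 1", "=sample"))
assert(g() == 2)
print("text-only load wrapper behaves as expected")
```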