Commit

Remove setlocal and setupvalue from debug table whitelist
It's likely that these could be used to trick mods into revealing the insecure
environment even if they do everything right (which is already hard enough).
sfan5 committed Dec 18, 2021
1 parent 8c99f22 commit f405459
Showing 1 changed file with 0 additions and 2 deletions.
2 changes: 0 additions & 2 deletions src/script/cpp_api/s_security.cpp
Expand Up @@ -129,12 +129,10 @@ void ScriptApiSecurity::initializeSecurity()
"traceback",
"getinfo",
"getmetatable",
"setupvalue",
"setmetatable",
"upvalueid",
"sethook",
"debug",
"setlocal",
};
static const char *package_whitelist[] = {
"config",
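Review bot: Nothing in the debug whitelist array records why "setupvalue" and "setlocal" are absent, so a later change could add them back without knowing the reason. Suggest a short comment above the array saying these two are deliberately excluded because they could be used to get a mod to reveal the insecure environment, as the commit message states. The entries that remain include "sethook", "setmetatable" and "upvalueid", which also act on other code's functions or objects; it would help to say in the commit message or that comment whether they were assessed against the same concern and judged acceptable. Because mods calling debug.setlocal or debug.setupvalue under security will now find them missing, a note in the modding documentation or changelog would be useful too.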