Remove debug.getupvalue from the Lua sandbox whitelist
This function could be used to steal insecure environments from trusted mods.master
parent
8b006a154b
commit
abd4a79acb
|
@ -116,7 +116,6 @@ void ScriptApiSecurity::initializeSecurity()
|
|||
"upvaluejoin",
|
||||
"sethook",
|
||||
"debug",
|
||||
"getupvalue",
|
||||
"setlocal",
|
||||
};
|
||||
static const char *package_whitelist[] = {
|
||||
|
|
Loading…
Reference in New Issue