Remove setlocal and setupvalue from `debug` table whitelist
It's likely that these could be used trick mods into revealing the insecure environment even if they do everything right (which is already hard enough).pull/56/head
parent
8c99f2232b
commit
f405459548
|
@ -129,12 +129,10 @@ void ScriptApiSecurity::initializeSecurity()
|
|||
"traceback",
|
||||
"getinfo",
|
||||
"getmetatable",
|
||||
"setupvalue",
|
||||
"setmetatable",
|
||||
"upvalueid",
|
||||
"sethook",
|
||||
"debug",
|
||||
"setlocal",
|
||||
};
|
||||
static const char *package_whitelist[] = {
|
||||
"config",
|
||||
|
|
Loading…
Reference in New Issue