Remove setlocal and setupvalue from `debug` table whitelist
It's likely that these could be used trick mods into revealing the insecure environment even if they do everything right (which is already hard enough).master
parent
8c99f2232b
commit
f405459548
|
@ -129,12 +129,10 @@ void ScriptApiSecurity::initializeSecurity()
|
||||||
"traceback",
|
"traceback",
|
||||||
"getinfo",
|
"getinfo",
|
||||||
"getmetatable",
|
"getmetatable",
|
||||||
"setupvalue",
|
|
||||||
"setmetatable",
|
"setmetatable",
|
||||||
"upvalueid",
|
"upvalueid",
|
||||||
"sethook",
|
"sethook",
|
||||||
"debug",
|
"debug",
|
||||||
"setlocal",
|
|
||||||
};
|
};
|
||||||
static const char *package_whitelist[] = {
|
static const char *package_whitelist[] = {
|
||||||
"config",
|
"config",
|
||||||
|
|
Loading…
Reference in New Issue