From f3ad75691aea30d2d68aab19fbfa9031409c39d7 Mon Sep 17 00:00:00 2001 From: red-001 Date: Fri, 30 Jun 2017 19:14:39 +0100 Subject: Create a filesystem abstraction layer for CSM and only allow accessing files that are scanned into it. (#5965) * Load client-side mods into memory before executing them. This removes the remaining filesystem access that client-sided mods had and it will hopefully make then more secure. * Lua Virtual filesystem: don't load the files into memory just scan the filenames into memory. * Fix the issues with backtrace * fix most of the issues * fix code style. * add a comment --- src/script/cpp_api/s_security.h | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'src/script/cpp_api/s_security.h') diff --git a/src/script/cpp_api/s_security.h b/src/script/cpp_api/s_security.h index f0eef00bb..059dccef1 100644 --- a/src/script/cpp_api/s_security.h +++ b/src/script/cpp_api/s_security.h @@ -41,14 +41,18 @@ with this program; if not, write to the Free Software Foundation, Inc., class ScriptApiSecurity : virtual public ScriptApiBase { public: - int backupGlobals(lua_State *L); + int getThread(lua_State *L); + // creates an empty Lua environment + void createEmptyEnv(lua_State *L); + // sets the enviroment to the table thats on top of the stack + void setLuaEnv(lua_State *L, int thread); // Sets up security on the ScriptApi's Lua state void initializeSecurity(); void initializeSecurityClient(); // Checks if the Lua state has been secured static bool isSecure(lua_State *L); // Loads a file as Lua code safely (doesn't allow bytecode). - static bool safeLoadFile(lua_State *L, const char *path); + static bool safeLoadFile(lua_State *L, const char *path, const char *display_name = NULL); // Checks if mods are allowed to read (and optionally write) to the path static bool checkPath(lua_State *L, const char *path, bool write_required, bool *write_allowed=NULL); -- cgit v1.2.3