[Add] Closed some vulns allowing Lua to escape sandbox.

Ritchie Cunningham 2025-11-01 17:56:43 +00:00
parent b4855fa47e
commit b5c6b523a3


@ -11,6 +11,20 @@
LuaProcessor::LuaProcessor(Session& context) {
_lua.open_libraries(sol::lib::base, sol::lib::string, sol::lib::table);
/* Remove some dangerous functions from the base lib. */
_lua["dofile"] = sol::nil;
_lua["loadfile"] = sol::nil;
_lua["load"] = sol::nil;
_lua["pcall"] = sol::nil;
_lua["xpcall"] = sol::nil;
_lua["collectgarbage"] = sol::nil;
_lua["getmetatable"] = sol::nil;
_lua["setmetatable"] = sol::nil;
_lua["rawequal"] = sol::nil;
_lua["rawget"] = sol::nil;
_lua["rawset"] = sol::nil;
_lua["rawlen"] = sol::nil;
/* Expose vfs_node struct members to Lua. */
_lua.new_usertype<vfs_node>("vfs_node",
"name", &vfs_node::name,
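Review bot: The cleared names are a denylist over the shared global table, so anything the base or string library registers that is not listed here stays reachable. If this is built against Lua 5.1 or LuaJIT (not visible in the hunk), `loadstring`, `getfenv` and `setfenv` would still be present, and `string.dump` remains in every version. Consider clearing those too, e.g. `_lua["loadstring"] = sol::nil;`, or preferably running scripts in a `sol::environment` populated only with the functions they are meant to call, so a Lua or sol2 upgrade cannot silently widen the surface. Removing `pcall`/`xpcall` also leaves scripts no way to recover from `error`, so the comment above the list should say why they are dropped. The constructor body continues outside the hunk.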