Minetest logo

IRC log for #minetest-dev, 2021-12-17

| Channels | #minetest-dev index | Today | | Google Search | Plaintext

All times shown according to UTC.

Time Nick Message
00:16 v-rob joined #minetest-dev
00:18 Alias2 joined #minetest-dev
00:24 fluxionary joined #minetest-dev
00:35 Taoki joined #minetest-dev
01:04 v-rob joined #minetest-dev
01:47 v-rob joined #minetest-dev
03:05 tekakutli joined #minetest-dev
03:28 queria^clone joined #minetest-dev
03:33 queria^clone joined #minetest-dev
03:48 v-rob joined #minetest-dev
04:13 olliy joined #minetest-dev
04:53 Taoki joined #minetest-dev
05:00 MTDiscord joined #minetest-dev
05:11 v-rob joined #minetest-dev
05:17 fluxionary joined #minetest-dev
05:30 v-rob joined #minetest-dev
05:40 v-rob joined #minetest-dev
07:04 olliy1or joined #minetest-dev
07:51 olliy joined #minetest-dev
08:11 olliy joined #minetest-dev
08:45 calcul0n joined #minetest-dev
10:29 olliy1or joined #minetest-dev
12:09 Fleckenstein joined #minetest-dev
12:33 olliy joined #minetest-dev
12:37 appguru joined #minetest-dev
13:05 YuGiOhJCJ joined #minetest-dev
13:23 proller joined #minetest-dev
13:29 asdflkj_sh joined #minetest-dev
13:41 tekakutli joined #minetest-dev
13:45 tekakutli joined #minetest-dev
14:43 Fixer joined #minetest-dev
16:16 proller joined #minetest-dev
16:22 MTDiscord <luatic> I'm pretty sure the debug whitelist is way too permissive and effectively allows trivially exiting the sandbox if another mod holds an insecure environment. The following functions are currently whitelisted: "gethook", "traceback", "getinfo", "getmetatable", "setupvalue", "setmetatable", "upvalueid", "sethook", "debug", "setlocal". "setupvalue" and "setlocal" can be used to interfere in "private" mod code, tricking "secure" mods into
16:22 MTDiscord leaking their environments. "debug.setmetatable" can be used to execute code in a "__gc" metamethod after a crash.
16:23 MTDiscord <luatic> But please, don't take this away from me, it allows me to change to font on runtime for my game
16:23 MTDiscord <luatic> And to correctly reset it afterwards, even if the game crashes
16:31 sfan5 you need setupvalue and setlocal for that?
16:33 MTDiscord <luatic> No, not for that. I only need setmetatable for that, but I'm sure debug.getmetatable / debug.setmetatable is pretty exploitable too as it ignores the __metatable field.
16:35 sfan5 does it allow touching userdata objects
16:37 MTDiscord <luatic> Yes
16:38 erlehmann > But please, don't take this away from me, it allows me to change to font on runtime for my game
16:38 erlehmann wouldn't it be easier to make that into a thing
16:38 erlehmann if you are consolidating font api anyways
16:38 erlehmann games being able to set fonts
16:39 erlehmann (overridable by the user of course otherwise stuff becomes unreadable)
16:39 erlehmann luatic which sandbox are you referring to?
16:39 MTDiscord <luatic> The insecure environment sandbox
16:40 MTDiscord <luatic> I'm getting very weird behavior here...
16:40 MTDiscord <luatic> If I remove my hack, it segfaults, lol
16:40 MTDiscord <luatic> But it also seems to work without part of the hack
16:41 MTDiscord <luatic> Yay relying on undefined behavior
16:42 proller joined #minetest-dev
17:10 proller joined #minetest-dev
18:05 Taoki joined #minetest-dev
18:09 fluxionary joined #minetest-dev
18:15 tekakutli joined #minetest-dev
18:24 sfan5 #11867
18:24 ShadowBot https://github.com/minetest/minetest/issues/11867 -- [no squash] Mod security improvements by sfan5
18:33 EliasFleckenstei joined #minetest-dev
18:39 EliasFleckenstei joined #minetest-dev
18:39 Fleckenstein joined #minetest-dev
18:53 Fleckenstein joined #minetest-dev
19:44 appguru joined #minetest-dev
20:37 proller joined #minetest-dev
21:23 proller joined #minetest-dev
21:44 v-rob joined #minetest-dev
21:48 Taoki joined #minetest-dev
22:01 m42uko joined #minetest-dev
22:09 calcul0n_ joined #minetest-dev
23:03 proller joined #minetest-dev
23:10 sfan5 I think we should cut down on the number of PRs by merging all of mine ;)
23:12 MTDiscord <Jonathon> thats only 10
23:13 MTDiscord <Jonathon> of which you technically have conflicts
23:17 erlehmann fixing those will only make me file new bugs
23:18 erlehmann you can't win this battle!
23:18 erlehmann also, as you said yourself: if you fix one bug, ppl demand you fix others as well
23:18 erlehmann ^^
23:19 MTDiscord <Jonathon> i think your going to spam the issue list no matter what erlehmann, so whatever anyone does at this point in relationship to you is irrelevant
23:19 erlehmann i was kinda joking
23:20 MTDiscord <Jonathon> anyways, sfan5: curious if that debug log was helpful at all?
23:20 erlehmann but i did notice that whenever i try to find bugs i end up filing like 5 or 10 at a time
23:20 erlehmann which is exhausting for everyone involved, so i try to not do it
23:20 erlehmann unless something really goes on my nerves
23:21 sfan5 @Jonathon sort of, I need to do some stuff for further analysis and haven't gotten to that yet
23:21 sfan5 well actually s/sort of/yes/
23:21 sfan5 it contained a clue so it was useful
23:22 MTDiscord <Jonathon> ah ok, thank you
23:36 proller joined #minetest-dev

| Channels | #minetest-dev index | Today | | Google Search | Plaintext