| Time |
Nick |
Message |
| 00:16 |
|
v-rob joined #minetest-dev |
| 00:18 |
|
Alias2 joined #minetest-dev |
| 00:24 |
|
fluxionary joined #minetest-dev |
| 00:35 |
|
Taoki joined #minetest-dev |
| 01:04 |
|
v-rob joined #minetest-dev |
| 01:47 |
|
v-rob joined #minetest-dev |
| 03:05 |
|
tekakutli joined #minetest-dev |
| 03:28 |
|
queria^clone joined #minetest-dev |
| 03:33 |
|
queria^clone joined #minetest-dev |
| 03:48 |
|
v-rob joined #minetest-dev |
| 04:13 |
|
olliy joined #minetest-dev |
| 04:53 |
|
Taoki joined #minetest-dev |
| 05:00 |
|
MTDiscord joined #minetest-dev |
| 05:11 |
|
v-rob joined #minetest-dev |
| 05:17 |
|
fluxionary joined #minetest-dev |
| 05:30 |
|
v-rob joined #minetest-dev |
| 05:40 |
|
v-rob joined #minetest-dev |
| 07:04 |
|
olliy1or joined #minetest-dev |
| 07:51 |
|
olliy joined #minetest-dev |
| 08:11 |
|
olliy joined #minetest-dev |
| 08:45 |
|
calcul0n joined #minetest-dev |
| 10:29 |
|
olliy1or joined #minetest-dev |
| 12:09 |
|
Fleckenstein joined #minetest-dev |
| 12:33 |
|
olliy joined #minetest-dev |
| 12:37 |
|
appguru joined #minetest-dev |
| 13:05 |
|
YuGiOhJCJ joined #minetest-dev |
| 13:23 |
|
proller joined #minetest-dev |
| 13:29 |
|
asdflkj_sh joined #minetest-dev |
| 13:41 |
|
tekakutli joined #minetest-dev |
| 13:45 |
|
tekakutli joined #minetest-dev |
| 14:43 |
|
Fixer joined #minetest-dev |
| 16:16 |
|
proller joined #minetest-dev |
| 16:22 |
MTDiscord |
<luatic> I'm pretty sure the debug whitelist is way too permissive and effectively allows trivially exiting the sandbox if another mod holds an insecure environment. The following functions are currently whitelisted: "gethook", "traceback", "getinfo", "getmetatable", "setupvalue", "setmetatable", "upvalueid", "sethook", "debug", "setlocal". "setupvalue" and "setlocal" can be used to interfere in "private" mod code, tricking "secure" mods into |
| 16:22 |
MTDiscord |
leaking their environments. "debug.setmetatable" can be used to execute code in a "__gc" metamethod after a crash. |
| 16:23 |
MTDiscord |
<luatic> But please, don't take this away from me, it allows me to change to font on runtime for my game |
| 16:23 |
MTDiscord |
<luatic> And to correctly reset it afterwards, even if the game crashes |
| 16:31 |
sfan5 |
you need setupvalue and setlocal for that? |
| 16:33 |
MTDiscord |
<luatic> No, not for that. I only need setmetatable for that, but I'm sure debug.getmetatable / debug.setmetatable is pretty exploitable too as it ignores the __metatable field. |
| 16:35 |
sfan5 |
does it allow touching userdata objects |
| 16:37 |
MTDiscord |
<luatic> Yes |
| 16:38 |
erlehmann |
> But please, don't take this away from me, it allows me to change to font on runtime for my game |
| 16:38 |
erlehmann |
wouldn't it be easier to make that into a thing |
| 16:38 |
erlehmann |
if you are consolidating font api anyways |
| 16:38 |
erlehmann |
games being able to set fonts |
| 16:39 |
erlehmann |
(overridable by the user of course otherwise stuff becomes unreadable) |
| 16:39 |
erlehmann |
luatic which sandbox are you referring to? |
| 16:39 |
MTDiscord |
<luatic> The insecure environment sandbox |
| 16:40 |
MTDiscord |
<luatic> I'm getting very weird behavior here... |
| 16:40 |
MTDiscord |
<luatic> If I remove my hack, it segfaults, lol |
| 16:40 |
MTDiscord |
<luatic> But it also seems to work without part of the hack |
| 16:41 |
MTDiscord |
<luatic> Yay relying on undefined behavior |
| 16:42 |
|
proller joined #minetest-dev |
| 17:10 |
|
proller joined #minetest-dev |
| 18:05 |
|
Taoki joined #minetest-dev |
| 18:09 |
|
fluxionary joined #minetest-dev |
| 18:15 |
|
tekakutli joined #minetest-dev |
| 18:24 |
sfan5 |
#11867 |
| 18:24 |
ShadowBot |
https://github.com/minetest/minetest/issues/11867 -- [no squash] Mod security improvements by sfan5 |
| 18:33 |
|
EliasFleckenstei joined #minetest-dev |
| 18:39 |
|
EliasFleckenstei joined #minetest-dev |
| 18:39 |
|
Fleckenstein joined #minetest-dev |
| 18:53 |
|
Fleckenstein joined #minetest-dev |
| 19:44 |
|
appguru joined #minetest-dev |
| 20:37 |
|
proller joined #minetest-dev |
| 21:23 |
|
proller joined #minetest-dev |
| 21:44 |
|
v-rob joined #minetest-dev |
| 21:48 |
|
Taoki joined #minetest-dev |
| 22:01 |
|
m42uko joined #minetest-dev |
| 22:09 |
|
calcul0n_ joined #minetest-dev |
| 23:03 |
|
proller joined #minetest-dev |
| 23:10 |
sfan5 |
I think we should cut down on the number of PRs by merging all of mine ;) |
| 23:12 |
MTDiscord |
<Jonathon> thats only 10 |
| 23:13 |
MTDiscord |
<Jonathon> of which you technically have conflicts |
| 23:17 |
erlehmann |
fixing those will only make me file new bugs |
| 23:18 |
erlehmann |
you can't win this battle! |
| 23:18 |
erlehmann |
also, as you said yourself: if you fix one bug, ppl demand you fix others as well |
| 23:18 |
erlehmann |
^^ |
| 23:19 |
MTDiscord |
<Jonathon> i think your going to spam the issue list no matter what erlehmann, so whatever anyone does at this point in relationship to you is irrelevant |
| 23:19 |
erlehmann |
i was kinda joking |
| 23:20 |
MTDiscord |
<Jonathon> anyways, sfan5: curious if that debug log was helpful at all? |
| 23:20 |
erlehmann |
but i did notice that whenever i try to find bugs i end up filing like 5 or 10 at a time |
| 23:20 |
erlehmann |
which is exhausting for everyone involved, so i try to not do it |
| 23:20 |
erlehmann |
unless something really goes on my nerves |
| 23:21 |
sfan5 |
@Jonathon sort of, I need to do some stuff for further analysis and haven't gotten to that yet |
| 23:21 |
sfan5 |
well actually s/sort of/yes/ |
| 23:21 |
sfan5 |
it contained a clue so it was useful |
| 23:22 |
MTDiscord |
<Jonathon> ah ok, thank you |
| 23:36 |
|
proller joined #minetest-dev |
