mirror of
https://github.com/ZDoom/raze-gles.git
synced 2024-12-25 11:10:47 +00:00
Lunatic: protect user modules from tampering, too.
git-svn-id: https://svn.eduke32.com/eduke32@2840 1a8010ca-5511-0410-912e-c29ae57300e0
This commit is contained in:
parent
ee9991adbd
commit
3c5e36feb4
2 changed files with 29 additions and 3 deletions
|
@ -528,6 +528,7 @@ for modname, themodule in pairs(allowed_modules) do
|
||||||
__metatable = true,
|
__metatable = true,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
-- Comment out to make base modules not protected:
|
||||||
allowed_modules[modname] = setmetatable({}, mt)
|
allowed_modules[modname] = setmetatable({}, mt)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -611,10 +612,27 @@ local function our_require(modname)
|
||||||
if (type(modtab) ~= "table") then
|
if (type(modtab) ~= "table") then
|
||||||
errorf(ERRLEV-1, "Didn't load module \"%s\": expected table as return value", modname)
|
errorf(ERRLEV-1, "Didn't load module \"%s\": expected table as return value", modname)
|
||||||
end
|
end
|
||||||
|
|
||||||
package_loaded[modname] = modtab
|
package_loaded[modname] = modtab
|
||||||
|
else
|
||||||
|
modtab = package_loaded[modname]
|
||||||
|
|
||||||
|
if (type(modtab) ~= "table") then
|
||||||
|
errorf(ERRLEV-1, "Didn't load module \"%s\": expected module() to be called", modname)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
return package_loaded[modname]
|
-- Protect module table...
|
||||||
|
local mt = {
|
||||||
|
__index = modtab,
|
||||||
|
__newindex = function(tab,idx,val)
|
||||||
|
error("modifying module table forbidden", 2)
|
||||||
|
end,
|
||||||
|
}
|
||||||
|
-- ..here:
|
||||||
|
setmetatable(modtab, mt)
|
||||||
|
|
||||||
|
return modtab
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -96,6 +96,8 @@ if (vol==1 and lev==8) then
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
local unsafe = pcall(function() string.UNSAFE=true; end)
|
||||||
|
|
||||||
--]]
|
--]]
|
||||||
--tostring = nil -- REMEMBER
|
--tostring = nil -- REMEMBER
|
||||||
--DBG_.printkv('_G in test.elua', _G)
|
--DBG_.printkv('_G in test.elua', _G)
|
||||||
|
@ -151,8 +153,12 @@ checkfail('gv.CEILING = 3', "cannot create new or write into existing fields of
|
||||||
checkfail('local s=require[[string]]; local tmp=s.dump(gameevent)',
|
checkfail('local s=require[[string]]; local tmp=s.dump(gameevent)',
|
||||||
"attempt to call field 'dump' (a nil value)")
|
"attempt to call field 'dump' (a nil value)")
|
||||||
|
|
||||||
-- disallow changing base module tables
|
if (not unsafe) then
|
||||||
checkfail('local s=require[[string]]; s.format=nil', "modifying base module table forbidden")
|
-- changing base module tables is disallowed
|
||||||
|
checkfail('local s=require[[string]]; s.format=nil', "modifying base module table forbidden")
|
||||||
|
else
|
||||||
|
print('WARNING: RUNNING WITH UNPROTECTED BASE MODULES')
|
||||||
|
end
|
||||||
|
|
||||||
print('')
|
print('')
|
||||||
-- This is problematic, even though pretty much every access will yield a
|
-- This is problematic, even though pretty much every access will yield a
|
||||||
|
@ -173,6 +179,8 @@ checkfail('local spr = sprite[0]; local x=spr+1',
|
||||||
|
|
||||||
checkfail('gameactor(1680, 0)', "bad argument #3 to 'gameactor' (function expected, got number)")
|
checkfail('gameactor(1680, 0)', "bad argument #3 to 'gameactor' (function expected, got number)")
|
||||||
|
|
||||||
|
checkfail("do local bt=require'bittest'; bt.QWE=1; end", "modifying module table forbidden")
|
||||||
|
|
||||||
|
|
||||||
printf('ceilingbunch of sector 0: %d', getbunch(0, gv.CEILING))
|
printf('ceilingbunch of sector 0: %d', getbunch(0, gv.CEILING))
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue