Follow-up Comment #7, bug #21768 (project wesnoth):
I think this is a good point about security issues with exposing units.
It would be nice if we could make a safe lua mode where we expose only a
const reference to the wesnoth object somehow but as far as I know lua doesn't
support this. Does
Follow-up Comment #8, bug #21768 (project wesnoth):
I looked at this again, and I don't think there is actually a security risk
here in the sense of buffer overflow / illegal memory access, due to the
interaction of lua with units. The lua userdata construct is meant to
abstract C types from lua
Follow-up Comment #4, bug #21768 (project wesnoth):
The file is still missing. Perhaps some technical problem on your side ?
I don't know wanything about security, but I don't think we need to worry.
What I called direct pointers are lua userdata objects, instances of the
class lua_unit from
Follow-up Comment #5, bug #21768 (project wesnoth):
That being said, I seem to recall using lua_function= to modify the gamestate
anyway. For instance, just setting a variable or so are safe things. So it
could break backwards compatibility.
The most dangerous things I can think of are adding or
Follow-up Comment #6, bug #21768 (project wesnoth):
Ah, looks like I'm hitting the upload size limit. So here it is as a forum
attachment: http://forums.wesnoth.org/viewtopic.php?f=4t=40171
I don't think it would be hard to insert checks in intf_put_unit etc
(whichever ones you think are
Follow-up Comment #2, bug #21768 (project wesnoth):
Reading the other bug report hardens my assumption.
You can perhaps get around the problem by not using any of those lua functions
which add or remove units from the unit_map (wesnoth.put_unit,
wesnoth.extract_unit). wesnoth.get_unit(s) return
Follow-up Comment #3, bug #21768 (project wesnoth):
Uploaded the file.
I agree that the behavior I'm using shouldn't be supported. However, my
understanding is that Wesnoth should *never* be exposing unsafe pointers to
scripts, because it is a security issue. The proper behavior would be to
URL:
http://gna.org/bugs/?21768
Summary: segfault in lua_function= filter
Project: Battle for Wesnoth
Submitted by: elvish_pillager
Submitted on: Fri 07 Mar 2014 07:25:16 PM UTC
Category: Bug
Severity: 3 -