The commit log of revision 48229 reads:

<quote>
Reverted part of r48216, since it opened a major security breach in
Wesnoth. Indeed, it caused the Lua engine to skip unwinding of its state
in presence of an exception, which opened the way to several attacks.
For instance, setting gc finalizers and then forcing GUI2 to throw an
exception would allow a multiplayer scenario to execute arbitrary code
on a remote client.
</quote>

I wonder about two things:

- how can somebody set a gc finalizer? Can this be done by Lua code
  itself or only from C++?

- if it is a security issue when an exception is thrown, then why is it
  safe if the user terminates Wesnoth normally?

-- 
Regards,
Mark de Wever aka Mordante/SkeletonCrew

_______________________________________________
Wesnoth-dev mailing list
Wesnoth-dev@gna.org
https://mail.gna.org/listinfo/wesnoth-dev
