Comments (10)
I seen your topic in forum (https://forum.minetest.net/viewtopic.php?f=47&t=15839).
In the last change I implemented the execution by f:read + loadstring in "Run" button. Is this way affected too?
I think the issue with qa_block is the limitation
Reading/writing to anywhere in your mod directory after the init stage.
so there is the way only to request insecure environment by adding this mod to the trusted mods :-/
from qa_block.
If I am right and the limitation is after the init stage only I try to write a "restircted mode" for this that reads all files at init stage and there is no refresh list and no ad-hoc reads of new files :(
from qa_block.
Yeah, I too think that this must be a “trusted mod”. But even trusted mods must obey some rules, so either way changes are neccessary. You can test this mod by enabling mod security for yourselves.
I guess we just need to accept the fact that this mod must be trusted. The mod security feature is an important addition to Minetest and there is good reason to have it enabled. qa_block
is mostly a debugging/testing mod anyway, so I guess it is not too much to ask to add this mod to “trusted”.
Since this mod is free software, anyone with doubts can just read the source code. :-)
from qa_block.
What do you think about this solution: https://github.com/bell07/minetest-qa_block/tree/restricted works? In case of no insecure environment the mod should be work as security designed, without ad-hoc functionality.
from qa_block.
Cool, a fallback mode. Nice idea. Just make sure you write it down in README or whatever that the full functionality is only achieved by adding this mod to trusted.
But I have not tested this yet. I am not sure if I get around testing this today. Maybe later, sorry. :-(
from qa_block.
I am not realy firm with documentation. Can you please write some words after testing? I tested it already an it works as expected for me. Just the "Close" button seems to be strange placed without the "Refresh" button at the left. I will add a "not trusted mode" hint to the place of refresh button and then push them to master.
from qa_block.
Today I tested with released minetest version 0.4.15. and security enabled. Found out the previous missed, but needed functionality is available now in security-enabled mode. (io.open, minetest.get_dir_list, loadstring, pcall). Therefore I removed all "restricted-mode" code from the mod in b89d20b
. Tested again, the qa_block does work without any restriction in secured environment and not in trusted-mods list.
Please let me know if you see any issues with this solution.
from qa_block.
Well, it turns out Minetest developers disabled mod security for the 0.4.15 release because they didn't really trust it to be working, so I don't really bother testing now. :P
from qa_block.
I was surprised the security is not enabled by default. But with security enabled there is no issue with qa_block functionality for me. Can you pls. confirm this after a short test (and after the other issue is solved)? So I can close the issue in this case
from qa_block.
Tested with MT 0.4.16 and security enabled. No issue appears. Please reopen the issue if you get a new crash
from qa_block.
Related Issues (10)
- Add help for the QA block HOT 5
- Hide core variables from Lua itself and Minetest's Lua API HOT 1
- Colorize the list of variables HOT 1
- Multi-line string in globals list breaks the display HOT 3
- Variable editing menu should only open for numbers and strings HOT 2
- Global value smartfs_enabled HOT 2
- minetest.chat_send_all --> log HOT 2
- Add 'bit' to acceptable global variables
- Mod does not work with developer version of Minetest HOT 13
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from qa_block.