mrminer reports: Lua prerequirements for NPCs: ... #6015
Labels
No Label
1. kind/balancing
1. kind/breaking
1. kind/bug
1. kind/construction
1. kind/documentation
1. kind/enhancement
1. kind/griefing
1. kind/invalid
1. kind/meme
1. kind/node limit
1. kind/other
1. kind/protocol
2. prio/controversial
2. prio/critical
2. prio/elevated
2. prio/good first issue
2. prio/interesting
2. prio/low
3. source/art
3. source/client
3. source/engine
3. source/ingame
3. source/integration
3. source/lag
3. source/license
3. source/mod upstream
3. source/unknown
3. source/website
4. step/approved
4. step/at work
4. step/blocked
4. step/discussion
4. step/help wanted
4. step/needs confirmation
4. step/partially fixed
4. step/question
4. step/ready to deploy
4. step/ready to QA test
4. step/want approval
5. result/cannot reproduce
5. result/duplicate
5. result/fixed
5. result/maybe
5. result/wontfix
ugh/petz
ugh/QA main
ugh/QA NOK
ugh/QA OK
No Milestone
No project
No Assignees
4 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: your-land/bugtracker#6015
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
mrminer reports a bug:
Player position:
Player look:
Player information:
Player meta:
Log identifier
Profiler save:
Status:
Teleport command:
Compass command:
Could be used to execute any code, right?
Any code in the same way as luac can execute any code. So it's doable.
luacs only have access to a very limited subset of the lua public libraries that minetest has built in. also, they are coded to limit the execution time of individual luacs - but i'm not too sure how they do that. but i know they do it, or it'd be trivial to DOS a server (
while true do a = 1 end
).luacs can execute arbitrary code that's written in that specific luac, but they don't have access to all the lua libraries, and their input is also limited.
Luacs limit execution time by using a debug hook that gets called after a number of "events" (basically lua bytecode instructions):
debug.sethook(timeout, "", MAXEVENTS)
(you also need to disable jit compilation for this to work).It's not perfect for limiting execution time (because it's possible to use expensive bytecode instructions in a loop, and this counts the number of them, not actual execution time).
And yes, lua allows to fully control the environment in which the code gets executed - you can throw away or override any functions you don't need or add some npc-specific functions.
another good example is that string.match can have near-exponential run-time with certain carefully crafted patterns, (presumably only using 1 lua "event"), so that's not available on the luac.