On Tue, Nov 15, 2011 at 10:11:58PM +0200, Marko Lindqvist wrote:
> On 15 November 2011 21:52, Michal Mazurek <akf...@jasminek.net> wrote:
> >  a ruleset I download from dubious sources does
> > not, from it's script.lua, run a file i already have on my filesystem,
> > that's nasty. Even though it could just contain it,
>  You consider all files already in your system something that everyone
> should be allowed to read/use? It could hardly contain something that
> its author does not know contents of.
> Not that I can come up with any real attack scenario offhand, but
> better to be safe than sorry.

Can there at least be a GNU-style flag like --allow-lua-dofile?

Michal Mazurek

Freeciv-dev mailing list

Reply via email to