On Tue, Nov 15, 2011 at 10:11:58PM +0200, Marko Lindqvist wrote:
> On 15 November 2011 21:52, Michal Mazurek <akf...@jasminek.net> wrote:
> >  a ruleset I download from dubious sources does
> > not, from it's script.lua, run a file i already have on my filesystem,
> > that's nasty. Even though it could just contain it,
> 
>  You consider all files already in your system something that everyone
> should be allowed to read/use? It could hardly contain something that
> its author does not know contents of.
> Not that I can come up with any real attack scenario offhand, but
> better to be safe than sorry.

Can there at least be a GNU-style flag like --allow-lua-dofile?

-- 
Michal Mazurek

_______________________________________________
Freeciv-dev mailing list
Freeciv-dev@gna.org
https://mail.gna.org/listinfo/freeciv-dev

Reply via email to