Follow-up Comment #6, bug #21768 (project wesnoth):

Ah, looks like I'm hitting the upload size limit. So here it is as a forum
attachment: http://forums.wesnoth.org/viewtopic.php?f=4&t=40171

I don't think it would be hard to insert checks in intf_put_unit etc.
(whichever ones you think are dangerous), so that they emit errors instead of
working if you're in a filter.

I don't have any experience in actually writing exploits, but I imagine the
security issue would be if someone finds a Lua sequence that deletes a unit
and then writes arbitrary data (maybe the contents of a very long WML
attribute?) over where it was in memory. Then it returns and the engine calls
some functions of that "unit", which could make who-knows-what happen. (Hmm...
I'm speaking beyond my knowledge here, but unit is a virtual object and so it
contains a pointer to its function table which could be overwritten to point
to arbitrary code?)
_______________________________________________________
Reply to this item at:
<http://gna.org/bugs/?21768>
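
The check proposed in the comment above (mutating calls such as intf_put_unit emit an error while a filter is running), sketched as an added example; it is not part of the original message and not Wesnoth's code. Unit, UnitMap, FilterScope and the use of a C++ exception as the error are all assumptions made for illustration.

```cpp
#include <cstddef>
#include <functional>
#include <map>
#include <memory>
#include <stdexcept>
#include <string>
#include <utility>

// Simplified stand-in for the engine's unit type (hypothetical).
struct Unit { std::string id; int hitpoints; };

class UnitMap {
public:
    using Filter = std::function<bool(const Unit&)>;

    // Mutators refuse to run while any filter is being evaluated.
    void put_unit(int loc, Unit u) {
        require_not_filtering("put_unit");
        units_[loc] = std::make_unique<Unit>(std::move(u));
    }
    void erase_unit(int loc) {
        require_not_filtering("erase_unit");
        units_.erase(loc);
    }

    // Evaluates a script-supplied filter against the unit at loc.
    bool matches(int loc, const Filter& f) {
        auto it = units_.find(loc);
        if (it == units_.end()) return false;
        FilterScope scope(depth_);  // RAII: counter drops even if f throws
        return f(*it->second);      // reference stays valid, mutators are blocked
    }
    std::size_t size() const { return units_.size(); }

private:
    struct FilterScope {
        int& d;
        explicit FilterScope(int& depth) : d(depth) { ++d; }
        ~FilterScope() { --d; }
    };
    void require_not_filtering(const char* fn) const {
        if (depth_ > 0)
            throw std::logic_error(std::string(fn) + ": not allowed inside a filter");
    }
    std::map<int, std::unique_ptr<Unit>> units_;
    int depth_ = 0;  // > 0 while a filter callback is on the stack
};
```

Because the guard is a depth counter rather than a flag, nested filter evaluations stay blocked until the outermost one returns.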