Unexpected result of trying to deny function in the table in ACL.xml

multitheftauto / mtasa-blue

Multi Theft Auto is a game engine that incorporates an extendable network play element into a proprietary commercial single-player game.

https://multitheftauto.com

GNU General Public License v3.0

1.38k stars 424 forks source link

Unexpected result of trying to deny function in the table in ACL.xml #1983

Open Disinterpreter opened 3 years ago

Disinterpreter commented 3 years ago

Describe the bug

Try to deny some of default lua functions like 'os.getenv' for https://github.com/multitheftauto/mtasa-blue/pull/1937#issuecomment-752962847 and ACL will ignore it.

To reproduce Release os.getenv (if you want you can take os.clock) and add in ACL.xml in Default rights <right name="function.os.getenv" access="false"></right> Make a resource with code like

iprint(os.getenv("PATH"))
addBan()

and you'll got the same situation

Expected behaviour Both functions must be deny.

Version master

Pirulax commented 3 years ago

ACL checks are done by building the check into the function afaik. So you must make a wrapper around those functions, which checks whenever they're allowed to be called.

Disinterpreter commented 3 years ago

ACL checks are done by building the check into the function afaik. So you must make a wrapper around those functions, which checks whenever they're allowed to be called.

In usual case we would to do it. But this issue depends on #1972 and in there issue we decided to make ACL rows for unsafe functions. In fact, we must to do it, or make new ideas about solving #1972.