Is deserialize secure?
- debiankaios
- Member
- Posts: 910
- Joined: Thu Dec 03, 2020 12:48
- IRC: debiankaios
- In-game: debiankaios Nowe
- Location: germany
- Contact:
Is deserialize secure?
If anyone edits the serialized files so that a virus will be downloaded and started (yes, it's possible in Lua), will that be blocked in the deserialize process? I found that bytecode will be blocked, and if I try to let anything print from the file, it doesn't work either. Is serializing secure?
📖 Deutsches Modding Book 👽 My Mod 🔌 TechAge Extension (WIP)
2147483 is the new world border.
⛏ Proxima Survival(WIP) ⚔️ Minigames A.E.S(WIP)
🌐 My Website
- rubenwardy
- Moderator
- Posts: 6978
- Joined: Tue Jun 12, 2012 18:11
- GitHub: rubenwardy
- IRC: rubenwardy
- In-game: rubenwardy
- Location: Bristol, United Kingdom
- Contact:
Re: Is deserialize secure?
No, passing untrusted strings to minetest.deserialize can allow malicious users to freeze the server, and before 5.2 allows them to run any Lua code in the server environment.
You should only pass strings that have been created by minetest.serialize. It's fine to pass user input to that function, and then to deserialize.
- debiankaios
- Member
- Posts: 910
- Joined: Thu Dec 03, 2020 12:48
- IRC: debiankaios
- In-game: debiankaios Nowe
- Location: germany
- Contact:
Re: Is deserialize secure?
rubenwardy wrote: ↑Tue Mar 15, 2022 12:06
"You should only pass strings that have been created by minetest.serialize. It's fine to pass user input to that function, and then to deserialize"
But how can I be sure that it gets serialized first?
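One way to follow rubenwardy's advice, as an added example that is not code from this thread or from Minetest itself: a hypothetical notes mod in which user text only reaches minetest.deserialize after passing through minetest.serialize. The `note` command, the `note:` storage key format and the 256-character limit are assumptions, and the example assumes nothing but this mod writes to its mod storage.

```lua
-- Added example (hypothetical mod): per-player notes kept in mod storage.
local storage = minetest.get_mod_storage()

-- Trusted write path: user text is only ever a *value* inside a table that
-- minetest.serialize encodes, so the stored string is always serializer output.
local function save_note(player_name, text)
    local record = { text = text:sub(1, 256), saved_at = os.time() }
    storage:set_string("note:" .. player_name, minetest.serialize(record))
end

-- Read path: only strings this mod wrote itself are deserialized.
-- safe = true makes deserialize refuse serialized functions; the result
-- is still type-checked before use.
local function load_note(player_name)
    local raw = storage:get_string("note:" .. player_name)
    if raw == "" then
        return nil
    end
    local record = minetest.deserialize(raw, true)
    if type(record) ~= "table" or type(record.text) ~= "string" then
        return nil
    end
    return record
end

minetest.register_chatcommand("note", {
    params = "[<text>]",
    description = "Save a note, or show the saved note if no text is given",
    func = function(name, param)
        -- Never call minetest.deserialize(param): param is raw user input,
        -- not a string produced by minetest.serialize.
        if param ~= "" then
            save_note(name, param)
            return true, "Note saved."
        end
        local record = load_note(name)
        if not record then
            return true, "No note saved."
        end
        return true, "Your note: " .. record.text
    end,
})
```

The mod is sure the string was serialized first because the only code that writes the `note:` keys is `save_note`; any string arriving from chat, a formspec field or a file other players can edit stays outside that path.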