teliva

Commit Graph

Author	SHA1	Message	Date
Kartik K. Agaram	f268015ac0	fix the security vulnerability We now have a notion of libraries that we load after app code, to prevent them from getting overridden. Should I just load all libraries after the app? There might be value in allowing apps to override library functions. Disallowing that too much may be going against Lua's dynamic nature.	2022-03-07 15:40:28 -08:00
Kartik K. Agaram	e07fa910bb	pin down a security vulnerability We aren't actually secure as the previous commit said. The hole here is that you can't override start_writing by typing in 'start_writing' into the big picture. However you _can_ override it by typing in _anything else_.	2022-03-07 11:44:47 -08:00

Author

SHA1

Message

Date

Kartik K. Agaram

f268015ac0

fix the security vulnerability

We now have a notion of libraries that we load after app code, to
prevent them from getting overridden.

Should I just load all libraries after the app? There might be value in
allowing apps to override library functions. Disallowing that too much
may be going against Lua's dynamic nature.

2022-03-07 15:40:28 -08:00

Kartik K. Agaram

e07fa910bb

pin down a security vulnerability

We aren't actually secure as the previous commit said. The hole here is
that you can't override start_writing by typing in 'start_writing' into
the big picture. However you _can_ override it by typing in _anything
else_.

2022-03-07 11:44:47 -08:00

2 Commits