Impact
Minetest has a sandbox that protects the system from buggy and malicious mods. Sometimes mods need to do things that aren't allowed by the sandbox (such as opening a network socket), and so Minetest has a mechanism where a user can "trust" a mod and that mod can access the unsandboxed Lua environment.
In Minetest 5.8.0 and below, if there is at least one trusted mod then an untrusted mod can gain access to the unsandboxed Lua environment. The untrusted mod can do this using an exploit to overwrite the trusted mod's files, or by changing its mod id to override the trusted mod.
Patches
b487341
Workarounds
If feasible, disable access to the insecure environment for all mods by clearing the secure.trusted_mods setting.
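A way to check a server for the condition described above and apply the workaround, as an added example that is not part of the advisory or the Minetest code base. It assumes settings are stored as single-line "name = value" entries in minetest.conf; the function names and the sample configuration are constructed for illustration.

```python
import re

KEY = "secure.trusted_mods"
AFFECTED_MAX = (5, 8, 0)  # advisory: Minetest 5.8.0 and below

# Constructed sample minetest.conf contents (not taken from the advisory).
SAMPLE_CONF = """\
# server settings
server_name = Example
secure.trusted_mods = irc, mysql_auth
#secure.trusted_mods = old_mod
"""

def _trusted_value(line):
    """Return the value of an active secure.trusted_mods line, else None."""
    s = line.strip()
    if s.startswith("#") or "=" not in s:
        return None
    key, value = s.split("=", 1)
    return value if key.strip() == KEY else None

def trusted_mods(conf_text):
    """Collect mod names from every active assignment of the setting."""
    mods = []
    for line in conf_text.splitlines():
        value = _trusted_value(line)
        if value is not None:
            mods += [m.strip() for m in value.split(",") if m.strip()]
    return mods

def is_affected_version(version):
    """True for release numbers at or below 5.8.0 (suffixes are ignored)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    return tuple(int(p or 0) for p in m.groups()) <= AFFECTED_MAX

def exposed(version, conf_text):
    """Affected version AND at least one trusted mod configured."""
    return is_affected_version(version) and bool(trusted_mods(conf_text))

def clear_trusted_mods(conf_text):
    """Workaround: drop active assignments so the setting is empty."""
    kept = [l for l in conf_text.splitlines() if _trusted_value(l) is None]
    return "\n".join(kept) + "\n"
```

Clearing the setting also stops the listed mods from using the insecure environment, so any mod that depends on it will lose that functionality until the server is upgraded.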
References
#14486