From e80fc22dd996e5b0efd8c4f67700c0920e323e46 Mon Sep 17 00:00:00 2001
From: rubenwardy <rw@rubenwardy.com>
Date: Tue, 6 Oct 2020 12:10:37 +0100
Subject: [PATCH] Prevent games from setting secure settings (#10460)

---
 src/content/subgames.cpp |  8 ++++++++
 src/content/subgames.h   |  3 ---
 src/settings.cpp         | 13 +++++++++++++
 src/settings.h           |  2 ++
 4 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/src/content/subgames.cpp b/src/content/subgames.cpp
index 695ba431f..c6350f2dd 100644
--- a/src/content/subgames.cpp
+++ b/src/content/subgames.cpp
@@ -34,12 +34,17 @@ with this program; if not, write to the Free Software Foundation, Inc.,
 // The maximum number of identical world names allowed
 #define MAX_WORLD_NAMES 100
 
+namespace
+{
+
 bool getGameMinetestConfig(const std::string &game_path, Settings &conf)
 {
 	std::string conf_path = game_path + DIR_DELIM + "minetest.conf";
 	return conf.readConfigFile(conf_path.c_str());
 }
 
+}
+
 struct GameFindPath
 {
 	std::string path;
@@ -330,8 +335,11 @@ void loadGameConfAndInitWorld(const std::string &path, const std::string &name,
 	// files that were loaded before.
 	g_settings->clearDefaults();
 	set_default_settings(g_settings);
+
 	Settings game_defaults;
 	getGameMinetestConfig(gamespec.path, game_defaults);
+	game_defaults.removeSecureSettings();
+
 	g_settings->overrideDefaults(&game_defaults);
 
 	infostream << "Initializing world at " << final_path << std::endl;
diff --git a/src/content/subgames.h b/src/content/subgames.h
index 35b619aaf..60392639b 100644
--- a/src/content/subgames.h
+++ b/src/content/subgames.h
@@ -53,9 +53,6 @@ struct SubgameSpec
 	bool isValid() const { return (!id.empty() && !path.empty()); }
 };
 
-// minetest.conf
-bool getGameMinetestConfig(const std::string &game_path, Settings &conf);
-
 SubgameSpec findSubgame(const std::string &id);
 SubgameSpec findWorldSubgame(const std::string &world_path);
 
diff --git a/src/settings.cpp b/src/settings.cpp
index 56ab9e12b..f30ef34e9 100644
--- a/src/settings.cpp
+++ b/src/settings.cpp
@@ -1039,6 +1039,19 @@ void Settings::deregisterChangedCallback(const std::string &name,
 	}
 }
 
+void Settings::removeSecureSettings()
+{
+	for (const auto &name : getNames()) {
+		if (name.compare(0, 7, "secure.") != 0)
+			continue;
+
+		errorstream << "Secure setting " << name
+				<< " isn't allowed, so was ignored."
+				<< std::endl;
+		remove(name);
+	}
+}
+
 void Settings::doCallbacks(const std::string &name) const
 {
 	MutexAutoLock lock(m_callback_mutex);
diff --git a/src/settings.h b/src/settings.h
index 7db5539b2..6db2f9481 100644
--- a/src/settings.h
+++ b/src/settings.h
@@ -207,6 +207,8 @@ public:
 	void deregisterChangedCallback(const std::string &name,
 		SettingsChangedCallback cbf, void *userdata = NULL);
 
+	void removeSecureSettings();
+
 private:
 	/***********************
 	 * Reading and writing *