Unsafe Require

Allows specified mods to use 'unsafe_require' to load Lua modules installed on the system.

Complex installation API / Library

JensDoesLua 3 0 +0 / 0 / -1 Source Issue Tracker Statistics
Download (4 KB)
For Luanti 5.0 and above

How do I install this?

unsafe_require 🔗

A Luanti mod that allows trusted Lua module imports without having to give full insecure privileges to a mod.

Overview 🔗

By default, Luanti requires that your mod is added to secure.trusted_mods when it needs to use require(). You then also have to implement various safety measurements correctly in order not to create a security risk. This is quite complicated when a mod only needs to import specific modules.

unsafe_require provides a middle ground where you do not need to alter _G.require or apply custom hooks as seen in the insecure environment workaround.

Features 🔗

  • Allows (more or less) safe use of require() for specific Lua modules.
  • Avoids adding every mod to secure.trusted_mods.
  • Automatically handles the security precautions described in luanti-org/luanti#10877 (sandbox sealing, metatable cleanup, isolated loading).
  • Easy per-mod configuration through settings.

Usage in mods 🔗

In your mod’s init.lua code:

unsafe_require("lfs", function(lfs)
    -- use lfs here, do not store it where it could be accessible by other mods!
end)

Each mod must be explicitly granted permission to use unsafe_require for individual module names.

Configuration 🔗

Add this module to secure.trusted_mods in minetest.conf: secure.trusted_mods = unsafe_require

Add allowed modules for your mod in minetest.conf:

unsafe_require.allowed_for.yourmodname = lfs, json

Only the listed modules may be loaded via unsafe_require inside yourmodname. Attempting to request a disallowed module will result in an error.

Security notes 🔗

  • This mod still uses Luanti’s insecure environment - but within controlled boundaries.
  • It is not safe for untrusted mods – only enable it for mods you trust!
  • It is not recommended to use this mod on a public server.
  • The main purpose is to provide additional APIs for local development.

License 🔗

SPDX-License-Identifier: MIT

Reviews

Review

Do you recommend this mod?

  • DS 5 hours ago
    English

    Concept is fundamentally broken, implementation as well

    This mods tries to add a less trusted kind of mods than those in secure.trusted_mods. But these new kind of semi-trusted mods are still allowed to use require. With this they have practically the same priviledge level as usual trusted mods.

    If you want to provide a more secure way of require, you can make this wrapped require available in the insecure env, so other trusted mods can use it.

    Also, there are several things broken with the implementation (many unfixable without engine support). Obvious things: Other mods can simply overwrite settings that don't start with secure.. They can also overwrite other things (and therefore hook into), such as core.settings, core.get_current_modname (note also that this mod might not be the first to be loaded), or your unsafe_require API function. And another mod could your mod make call one of its functions, so core.get_current_modname will never be correct (this is also why core.request_insecure_environment can only be called directly from the mod's init.lua).

    0 comments