POV-Ray : Newsgroups : povray.advanced-users : WARNING: #exec and safety : Re: WARNING: #exec and safety Server Time
2 Nov 2024 11:27:07 EDT (-0400)
  Re: WARNING: #exec and safety  
From: Ron Parker
Date: 19 Oct 1999 09:25:20
Message: <380c7140@news.povray.org>
On 19 Oct 1999 05:13:14 -0400, Nieminen Juha wrote:
>  I was looking through Ken's links and ended up in this page:
>http://www.io.com/~wwagner/pov.html
>
>  I would want to seriously warn about this #exec patch (specially
>because povray 3.5 might include it).
>
>  Povray is currently quite safe to use. You can download a .pov file and
>render it with povray and the only harm it can do is to create an image
>file. It just can't do anything else. You can safely render a 10000 lines
>long pov file without having to worry about what does it contain.
>
>  However, if this #exec patch is included as is, this security ends there.
>A malicious person can easily do harm to imprudent people. They can easyly
>add somewhere at the line 5000 of the previous code commands like:
>#exec "deltree /y c:\\"
>#exec "rm -rf /"

Whoa, better not tell y'all about Dan Connelly's #system patch that's been 
part of the superpatch since the beginning, then, huh?  Though I'd be 
interested in knowing where you heard that 3.5 would include this #exec
patch - this is the first time I've ever heard about it.

Seriously, folks, consider this:

#fopen FILE "c:\\autoexec.bat" append
#write FILE "attrib -r -h -s c:\\windows\\system.dat\n"
#write FILE "del c:\\windows\\system.dat\n"
#fclose FILE

Too obvious for you?  What if I wrote it a character at a time to an .inc
file using commands scattered throughout the code to my 10000 line scene
file, then included the .inc file?

And what if the animation you're rendering comes with an INI file?  Are
you going to remember to check the shellouts in the INI file?

The point is, if you don't trust the source of a file, don't run it.  Getting
an unknown POV script over the Internet is just as dangerous as getting C 
source code or Perl source code or source code in any other programming 
language, because that's what it is.  

On the other hand, I can see where it would be nice if there were a command-
line switch to disable the file i/o commands and anything else you might 
consider dangerous when rendering something questionable.


Post a reply to this message

Copyright 2003-2023 Persistence of Vision Raytracer Pty. Ltd.