|
 |
My point is, like Vahur Krouverk pointed out, that buffer overflows should
be corrected. Who knows what will happen one day - at the least, unchecked
bounds are a big source of hard-to-fix bugs.
POV isn't designed to handle vicious attacks, but it should be protected at
least against itself, which also gains a bit of security.
What i suggest is that ALL the source be checked for buffer overflows and
this be corrected, so that in the final version of 3.5 we will have a
completely stable, secure version. This sounds like a lot of work but i
think its worth it.
"Chris Cason" <new### [at] delete thispovrayorg> wrote in message
news:3cc457b2@news.povray.org...
>
> "Christoph Hormann" <chr### [at] gmxde> wrote in message
> > I have the impression you are just trying to seed some paranoia, unless
> > you have a concrete example of something going wrong i don't see any
> > problems.
>
> To be fair to the person who reported the problem, I think it's not
> paranoia. Computer security is an important issue these days.
>
> Users of POV-Ray must realise that it is NOT designed to be 'network
> safe', and it is NOT designed to take untrusted input. There are
> without doubt potential buffer overflows and other various methods
> of causing the program to misbehave, given the right set of input
> files and/or filenames.
>
> Anyone using POV-Ray in such a way that it accepts input from unknown
> persons via the net ought to be very wary, and certainly an installation
> of that nature, if it exists, should be run with the minimim privileges
> available under the host operating system.
>
> -- Chris
>
>
>
>
Post a reply to this message
|
|
