POV-Ray : Newsgroups : povray.unix : Public rendering : Re: Public rendering
  Re: Public rendering  
From: clipka
Date: 14 Sep 2009 13:16:26
Message: <4aae7a6a$1@news.povray.org>
The easiest way to ensure safety of POV-Ray on a Linux system is 
probably to use the OS built-in systems:

Let POV-Ray run with its own separate user account, and allow write 
access only to one single directory: The one where rendering output is 
to be written to. That should suffice for POV-Ray to run properly; it 
doesn't need to write anywhere else.

In addition, you may want to watch out for the following POV-Ray specifics:

* INI files:

Some INI file settings allow a user to execute external commands, which 
of course is a potential security risk.

The easiest way to solve this issue is to provide no way for the user to 
submit their own INI files, and instead just provide a minimalistic 
interface with options to pick from, then build an INI file from that 
information. (Make sure that /if/ you allow some string parameters, that 
you safeguard them against "INI option injection".)

Even if you do want to allow users to submit their own INI files, you 
should use a "whitelist" approach to ensure that they're safe; anything 
POV-Ray doesn't recognize as an INI option would be interpreted as a 
file name, potentially allowing INI files or POV-Ray scenes to be 
executed that you didn't check.

* Scene files:

Make sure to check all scene files and include files. Take care of the 
following. (Note that blanks may go between hash signs and the actual 
keywords!)

- "file_exists()" might be misused to try to sniff for files on your computer.

- "#fopen", "#write" and "#read" might be misused to try accessing 
virtually anything on your computer.

- Texture, height field and other input files might be misused to try 
reading other files on your computer.

- The "#include" statement might be misused to circumvent other safety 
mechanisms, or to try reading other files on your computer. (Note that 
POV-Ray does accept string variables to specify the filename.)

- Some standard include files may define macros that could be used to 
circumvent other security checks; for instance, the "strings.inc" file 
defines a macro "Parse_String" that allows an arbitrary string to 
be interpreted as a POV-Ray SDL statement.

* Resources

Some scene files or output settings might make POV-Ray hungry for 
resources, such as main memory, disk space, or simply computing time. 
Try to get a lid on all these.


I'm quite sure I forgot some.


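Added example (not part of the original post, and not POV-Ray project code): one way to apply the whitelist approach to INI input described in the message above, refusing any line that is not a permitted `Name=Value` pair so that nothing is left to be read as a file name or injected as an extra option. The permitted option set, the size caps, the function names and the server-side paths are assumptions made for this sketch.

```python
import re

def _int_in(lo, hi):
    # Accept only plain ASCII decimal integers within [lo, hi].
    return lambda v: re.fullmatch(r"[0-9]{1,5}", v) is not None and lo <= int(v) <= hi

# Assumed policy for this sketch: the only options a user may set, each with
# a value check. The size caps double as a crude resource limit.
ALLOWED = {
    "Width": _int_in(1, 1920),
    "Height": _int_in(1, 1080),
    "Quality": _int_in(0, 11),
    "Antialias": lambda v: v in ("on", "off"),
}
OPTION_LINE = re.compile(r"([A-Za-z_]+)=(\S+)")

def parse_user_ini(text):
    """Return {option: value} for user-submitted INI text, or raise ValueError.

    Every non-blank line must be exactly Name=Value with a whitelisted name
    (exact spelling). Bare words, switches, section labels and comments are
    all refused, so nothing remains for POV-Ray to treat as a file name.
    """
    options = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = OPTION_LINE.fullmatch(line)
        if m is None or m.group(1) not in ALLOWED:
            raise ValueError(f"line {lineno}: not a permitted option")
        name, value = m.groups()
        if not ALLOWED[name](value):
            raise ValueError(f"line {lineno}: bad value for {name}")
        options[name] = value
    return options

def build_ini(options, scene_path, output_path):
    """Rebuild the INI the renderer will see. Both paths are chosen by the
    server (assumed to contain no whitespace), never taken from the user."""
    lines = [f"{k}={v}" for k, v in sorted(options.items())]
    lines += [f"Input_File_Name={scene_path}", f"Output_File_Name={output_path}"]
    return "\n".join(lines) + "\n"

# Constructed sample input.
SAMPLE = "Width=640\nHeight=480\n\nAntialias=on\n"
if __name__ == "__main__":
    print(build_ini(parse_user_ini(SAMPLE), "/srv/render/in/job1.pov",
                    "/srv/render/out/job1.png"))
```

The same parser can be run over a single form field before it is placed into a generated INI file, since a value carrying an embedded line break is split into lines and the extra line is rejected.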