POV-Ray : Newsgroups : povray.windows : Can't read ../../file.inc : Re: Can't read ../../file.inc Server Time: 24 Oct 2020 03:46:17 GMT
  Re: Can't read ../../file.inc  
From: clipka
Date: 17 Feb 2011 10:08:35
Am 17.02.2011 02:07, schrieb dickbalaska:
> clipka<ano### [at] anonymousorg>  wrote:
>> Am 16.02.2011 20:51, schrieb Darren New:
>
>>    From the code it is pretty obvious that the original intention is to
>> eliminate ".." from paths like "foo/bar/../fnord" by contracting it to
>> "foo/../fnord" - no security stuff intended there.
>
> What is the point of doing path contraction, if not for security purposes?
> Otherwise you are introducing code with no benefit. The OS is going to handle
> ..../ just fine for you already.
>
> Someone above said "../ at the start of the path".  Don't forget that
> foo/../../../../etc/passwd is legal.

You may be right there - but I guess we agree that contracting 
"foo/../../fnord" to "foo/fnord" is bogus, whatever reason there may be 
to contract "foo/bar/../fnord" to "foo/fnord".


Post a reply to this message

Copyright 2003-2008 Persistence of Vision Raytracer Pty. Ltd.