|
|
Hi there,
for my own personal use, I've been thinking on building a web interface to
POV-Ray. It would feature a basic Editor, basic CVS and ability to render the
povray source and keep images. If password protected, this whole thing is
simple.
However, I am interested in opening this thing to the world to let anyone use
it. I remember from long ago there were a few sparks about execution of files,
and inclusion of files which led to the creation of system-wide and user
permissions for these... but there is still the ability to write and other
like that...
What I'm asking is: Is it possible to disable ALL potential abuse and misuse
features in povray for a user just by compiling or configuring it specially?
If not, then my question is a bit more general: When parsing a user script
(after dealing with encoding tricks and encapsulation tricks and so on) what
are the things i should look for? My policy would be to reject a file
completely the moment something unusual is found (such as different encoding
inside the text, etc) and flag this user's account (so i can monitor him more
closely and possibly use his malice to my advantage, by learning from it).
Anybody know of a simple (config? patch?) solution? Or anybody cares to inform
me of some details concerning the difficult solution?
Thanks a lot in advance! =)
Simon
Post a reply to this message
|
|