POV-Ray: Newsgroups: povray.advanced-users: WARNING: #exec and safety: Re: WARNING: #exec and safety

POV-Ray : Newsgroups : povray.advanced-users : WARNING: #exec and safety : Re: WARNING: #exec and safety		Server Time 30 Jul 2024 14:24:03 EDT (-0400)

From: Margus Ramst
Date: 19 Oct 1999 15:12:26
Message: <380CC265.7C6ADAB4@peak.edu.ee>

Nieminen Juha wrote:
> 
>   I was looking through Ken's links and ended up in this page:
> http://www.io.com/~wwagner/pov.html
> 
>   I would want to seriously warn about this #exec patch (specially
> because povray 3.5 might include it).
> 
>   Povray is currently quite safe to use. You can download a .pov file and
> render it with povray and the only harm it can do is to create an image
> file. It just can't do anything else. You can safely render a 10000 lines
> long pov file without having to worry about what does it contain.
> 

The concern is of course not without cause. But the inclusion of file i/o
statement has already rendered this argument untrue. Yes, the #exec command
would facilitate writing malicious scripts, but the potential is already there.
Anyway, there are a thousand and one ways for the average Windows user to get
screwed (no, I mean figuratively speaing). Given all these options, is it really
likely that someone would specifically target the POV users?
I personally would like to have this functionality, since it is a very flexible
feature.

Margus

Post a reply to this message