POV-Ray: Newsgroups: povray.advanced-users: WARNING: #exec and safety: Re: WARNING: #exec and safety

POV-Ray : Newsgroups : povray.advanced-users : WARNING: #exec and safety : Re: WARNING: #exec and safety		Server Time 30 Jul 2024 16:18:42 EDT (-0400)

From: Simen Kvaal
Date: 21 Oct 1999 08:54:36
Message: <380f0d0c@news.povray.org>

I don't think it's that difficult to create a #exec functionality that would
be safe. The solution might be:

1. A kind of register in POV of which commands are allowed. When  a scene
file with a binary executable is distributed, one should manually tell
povray that this file is ok to run, for example via an "registered #exec
programs" dialog from the menu, and *not* via an .INI-file.

2. Only allow executables whose filename begin with "pvex_" or similar. Of
course you can create a program that simply formats your hard drive and call
it "pvex_cool_diamond".

3. Never allow system commands.

I think the first solution is the best. What do you think? It shouldn't be
that difficult to include an #exec command in the official?

Bu then comes the problem with different platforms. In my opinion, *all*
povray users should be able to run *any* source file and obtain the *same*
results as everybody. If I create my own c++-compiler for SIMENOS2000 and
compile PovRay, I should be able to run the binary executables included with
the source file... But then, again, I might not create this operating
system.

Simen.

Post a reply to this message