POV-Ray: Newsgroups: povray.advanced-users: WARNING: #exec and safety: Re: WARNING: #exec and safety

POV-Ray : Newsgroups : povray.advanced-users : WARNING: #exec and safety : Re: WARNING: #exec and safety		Server Time 30 Jul 2024 14:17:32 EDT (-0400)

From: Markus Becker
Date: 26 Oct 1999 08:56:11
Message: <3815A697.ED1EC63@zess.uni-siegen.de>

Ron Parker wrote:
> Seriously, folks, consider this:
> 
> #fopen FILE "c:\\autoexec.bat" append

what's "autoexec.bat"?

SCNR

Markus
> The point is, if you don't trust the source of a file, don't run it.  Getting
> an unknown POV script over the Internet is just as dangerous as getting C
> source code or Perl source code or source code in any other programming
> language, because that's what it is.

But POV-Ray is a _Renderer_, not a general purpose programming language.
Ok, it has a full-blown C-like syntax and all, but is this _really_
needed?
How about some restrictions on the available file I/O, such as allowing
only to read from and write to file in some kind of "sandbox", i.e.
_one_
special directory (and the sub dirs) that is assigned specifically for
that purpose. POV-Ray itself would then decide if it does it or not.

Markus
-- 

 Ich nicht eine Sekunde!!!" H. Heinol in Val Thorens

Post a reply to this message