POV-Ray: Newsgroups: povray.general: Command-line option to turn off #macro or #fopen or #write?: Re: Command-line option to turn off #macro or #fopen or #write?

POV-Ray : Newsgroups : povray.general : Command-line option to turn off #macro or #fopen or #write? : Re: Command-line option to turn off #macro or #fopen or #write?		Server Time 28 Jul 2024 22:17:06 EDT (-0400)

From: Mark Gordon
Date: 15 Nov 2000 19:49:18
Message: <3A132E40.22660778@helixcode.com>

Space Dude wrote:

> I have an online povray rendering farm and I happened to be the victim
> of a "hack" attempt already with it.  The user was quite intelligent and
> used povray macros to edit my .login an .cshrc files on my machine.
> <pout>  It actually worked and started to delete stuff, but thankfully I
> caught it in time and saved everything.  So, kudos to whomever wrote it,
> but in the future, I'd like to stop those types of attacks if possible.

Initial reactions:

1) It sounds like POV-Ray was running as your user from some sort of
remotely executable script.  If you're going to do something like that,
run it as a special user made expressly for the purpose, perhaps even
one who can't log in. 

2) It's not a bad idea to have it run within chroot.  That makes it
harder to clobber any files outside its isolated little sandbox (avoid
the myriad /tmp races, for instance, as well as keeping it out of your
own personal ~).  Give it a little piece of your filesystem to call home
and put everything it needs there.

I'm not sure how your rendering farm is set up, so I can't be much more
specific in my advice.

-Mark Gordon

Post a reply to this message