|
|
> It is possible to open a file for writing (and then write something in
> there) within the .pov file.
> This can be used to write (or overwrite) system files, configuration
> files, login files and so on.
> For example, if you are using dos/windows povray, the .pov file, when
> povray is parsing it, could open your autoexec.bat and put some nasty
> commands at the end of it (such as deltree...). In unix accounts it can
> write nasty commands to your .login file and other similar user files (if
> you are running povray with your own account privileges).
>
> Note also that the .ini file could specify an important system/user file as
> the output image file for povray (that is, povray would overwrite the file
> when writing the image). This can be quite dangerous specially in dos/windows.
Interesting... that's exactly what I was looking for... do you know how it is
done? So I can know how to avoid it?
--
+-------------------------+----------------------------------+
| Simon Lemieux | Website : http://www.666Mhz.net |
| Email : Sin### [at] 666Mhznet | POV-Ray, OpenGL, C++ and more... |
+-------------------------+----------------------------------+
Post a reply to this message
|
|