POV-Ray : Newsgroups : povray.general : Security Issues in Povray? : Re: Security Issues in Povray?
  Re: Security Issues in Povray?  
From: Christoph Hormann
Date: 22 Apr 2002 13:40:08
Message: <3CC44AF5.6D0E0E2D@gmx.de>
ncryptor wrote:
> 
> I have been studying the Linux source code of POV-Ray (version that is
> posted on web site).
> It may be possible to obtain shell or other access to the host's computer by
> exploiting bugs in pov's handling of command line parameters. Try this:
> give pov a very long command line parameter and it crashes with a
> segmentation fault. I am trying to see if this is exploitable, it
> probably is.
> 
> A possible exploit of this could be to gain access to a computer
> running pov as part of a render farm. The command line for pov depends on
> the information sent from the server to the client farmer, so an
> exploiter could spoof information and gain access to the user's computer.
> 
> The problematic file is optin.c

I must say I don't get it, a render farm (either PVM or some custom
coordination program) starts povray internally, I don't see how you could
'obtain shell or other access'.  If you see a problem, please post an
example where this becomes visible.

Note that being able to execute programs with Post_Scene_Command etc. is a
different topic, but therefore IO-restrictions are introduced in 3.5.

Christoph

-- 
POV-Ray tutorials, IsoWood include,                 
TransSkin and more: http://www.tu-bs.de/~y0013390/  
Last updated 20 Apr. 2002 _____./\/^>_*_<^\/\.______

