POV-Ray : Newsgroups : povray.general : Security Issues in Povray? : Re: Security Issues in Povray? Server Time
19 Nov 2024 05:43:02 EST (-0500)
  Re: Security Issues in Povray?  
From: ncryptor
Date: 22 Apr 2002 16:07:26
Message: <3cc46d7e@news.povray.org>
My point is, like Vahur Krouverk pointed out, that buffer overflows should
be corrected. Who knows what will happen one day - at the least, unchecked
bounds are a big source of hard-to-fix bugs.

POV isn't designed to handle vicious attacks, but it should be protected at
least against itself, which also gains a bit of security.

What i suggest is that ALL the source be checked for buffer overflows and
this be corrected, so that in the final version of 3.5 we will have a
completely stable, secure version. This sounds like a lot of work but i
think its worth it.


"Chris Cason" <new### [at] deletethispovrayorg> wrote in message
news:3cc457b2@news.povray.org...
>
> "Christoph Hormann" <chr### [at] gmxde> wrote in message
> > I have the impression you are just trying to seed some paranoia, unless
> > you have a concrete example of something going wrong i don't see any
> > problems.
>
> To be fair to the person who reported the problem, I think it's not
> paranoia. Computer security is an important issue these days.
>
> Users of POV-Ray must realise that it is NOT designed to be 'network
> safe', and it is NOT designed to take untrusted input. There are
> without doubt potential buffer overflows and other various methods
> of causing the program to misbehave, given the right set of input
> files and/or filenames.
>
> Anyone using POV-Ray in such a way that it accepts input from unknown
> persons via the net ought to be very wary, and certainly an installation
> of that nature, if it exists, should be run with the minimim privileges
> available under the host operating system.
>
> -- Chris
>
>
>
>


Post a reply to this message

Copyright 2003-2023 Persistence of Vision Raytracer Pty. Ltd.