William Tracy enlightened us on 2007/09/29 13:00:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Alain wrote:
>> That last point can be eliminated by strictly enforcing I/O
>> restrictions for ANY external addon. An external module/addon/plugin
>> could be strictly forbidden to erase any file, modify any file that doesn't
>> share the same base name as the current scene, create any file outside
>> the default write permission.
>> Going further, strictly forbid any I/O operation to any external library.
>
> That's just it: Once you launch an external process, you have no control
> over it. There's no way whatsoever to enforce I/O restrictions.
>
> I suppose that under Unix/Linux you could run it under a chroot, but I'm
> not aware that Windows supports anything like that. The ideal solution
> would be an OpenBSD jail, but most users don't run OpenBSD...
>
> - --
> William Tracy
> afi### [at] gmail com -- wtr### [at] calpoly edu
>
> You know you've been raytracing too long when you can no longer tell the
> difference between the top raytracing book and the "Raytracing for
> Dummies" book. To you, they're both hopelessly uninformed.
> -- Taps a.k.a. Tapio Vocadlo
There is a way, it's called "sandboxing". The process runs in a limited, closed,
virtual machine and only has access to what YOU want it to see. That way, the
process may never even "know" that there is a disk or anything else. It can't
launch another program, because it can't locate any program but those you
explicitly permit it to see. And those other programs can only be launched in
that same sandbox. Upon termination, the calling application retrieves the
result, and terminates the virtual machine and anything in it, now and
unconditionally.
This can be done independently of the OS you use and the CPU used.
--
Alain
-------------------------------------------------
The strongest reason for the people to retain the right to keep and bear
arms is, as a last resort, to protect themselves against tyranny in
government.
Thomas Jefferson
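
The I/O rules from the quoted proposal (never erase, modify only files sharing the scene's base name, create nothing outside the permitted write directory), written as a host-side check. This is an added example, not part of the thread or of any renderer's code. `IoPolicy`, its fields and the sample paths are assumptions, as is confining modifications to the write directory as well. A check like this only binds add-ons whose file requests pass through the host; it does nothing for a separately launched process, which is the case the sandboxing discussion addresses.

```python
import os
from dataclasses import dataclass
from typing import Tuple


@dataclass(frozen=True)
class IoPolicy:
    """Hypothetical host-side policy for file requests made by an add-on."""
    scene_path: str  # current scene, e.g. <dir>/castle.pov (constructed sample)
    write_dir: str   # the only directory add-ons may write into

    def check(self, op: str, path: str) -> Tuple[bool, str]:
        """Decide one request; op is 'read', 'modify', 'create' or 'delete'."""
        if op == "delete":
            return False, "add-ons may never erase files"
        if op == "read":
            return True, "reads are not restricted by this policy"
        if op not in ("modify", "create"):
            return False, "unknown operation"
        # Resolve symlinks and '..' before comparing; a plain prefix test on
        # the raw string lets 'out/../../x' or a symlink escape write_dir.
        root = os.path.realpath(self.write_dir)
        real = os.path.realpath(os.path.join(root, path))
        if os.path.commonpath([root, real]) != root:
            return False, "target is outside the permitted write directory"
        if op == "modify":
            scene_stem = os.path.splitext(os.path.basename(self.scene_path))[0]
            if os.path.splitext(os.path.basename(real))[0] != scene_stem:
                return False, "file does not share the scene's base name"
        return True, "ok"


if __name__ == "__main__":
    policy = IoPolicy("/work/castle.pov", "/work")  # constructed sample paths
    for op, p in [("modify", "castle.png"), ("modify", "notes.txt"),
                  ("create", "../castle.png"), ("delete", "castle.png")]:
        print(op, p, policy.check(op, p))
```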