 |
|
|
|
|
|
| |
| |
|
|
|
|
| |
| |
|
|
I was looking through Ken's links and ended up in this page:
http://www.io.com/~wwagner/pov.html
I would want to seriously warn about this #exec patch (specially
because povray 3.5 might include it).
Povray is currently quite safe to use. You can download a .pov file and
render it with povray and the only harm it can do is to create an image
file. It just can't do anything else. You can safely render a 10000 lines
long pov file without having to worry about what does it contain.
However, if this #exec patch is included as is, this security ends there.
A malicious person can easily do harm to imprudent people. They can easyly
add somewhere at the line 5000 of the previous code commands like:
#exec "deltree /y c:\\"
#exec "rm -rf /"
An advanced user could search the file for #exec commands but the malicious
person could still cause harm by adding hundreds of harmless and necessary
#exec commands to the file. Searching for dangerous ones among them could be
a hard job. (Searching for "del", "deltree" or "rm" may not be enough because
you can make harm with lots of other ways; you can also form those words
by concatenating letters so searching is impossible...)
So even advanced users are not completely safe (the only way to be completely
sure is not to render any scene with #exec commands; but that could be
sometimes too limiting).
Now, thinking about it... Even searching for "#exec" is not enough, since
you can form that word by concatenating letters, write it to a file and then
#include it in the scene.
As we can see, there's no 100% secure way to detect dangerous files.
Of course the #exec command could be very useful (specially with unix
shells). Hoever, it should NOT be included as is, without any security
issues.
I don't know if there's any safe way to include it into povray. The only
thing I can think of is that by default povray will not execute the #exec
commands (it may issue a warning instead, for example) and if you really
want them to work, you have to say it with a command line switch or an
.ini file entry.
However, this can only cause that people put that entry in their povray.ini
and there we have a disaster waiting to occur. So it's not a perfect solution.
I can't think of any perfect solution. The only perfect solution would be
not adding the #exec command to povray.
Comments?
--
main(i,_){for(_?--i,main(i+2,"FhhQHFIJD|FQTITFN]zRFHhhTBFHhhTBFysdB"[i]
):5;i&&_>1;printf("%s",_-70?_&1?"[]":" ":(_=0,"\n")),_/=2);} /*- Warp -*/
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Nieminen Juha wrote:
>
> I was looking through Ken's links and ended up in this page:
> http://www.io.com/~wwagner/pov.html
>
> I would want to seriously warn about this #exec patch (specially
> because povray 3.5 might include it).
>
> Povray is currently quite safe to use. You can download a .pov file and
> render it with povray and the only harm it can do is to create an image
> file. It just can't do anything else. You can safely render a 10000 lines
> long pov file without having to worry about what does it contain.
Anyone of you programmers could easily build a malicious program,
call it a povray utility, and there is nothing keeping you from
causing irreparable damage to someone else's system if they use
it. One can only hope that no one will ever produce such a utility
but the possibility is there. You must also have the same faith you
have in any software you try that something similar won't be tried
by a "malicious" pov scene designer.
Even considering the harm that it can do also think of the
possibilities. It adds a whole new avenue to external processes
that are impossible to do now with simple Pov script. One such
use would be calls to the system clock for true random animation
scene development. Other possibilities would be calling external
executables that have pov scene output, passing it command line
parameters from inside pov, and then parse the file it produced.
It would save a lot of steps if you could do all of your development
work from within Pov without having to operate outside the scene
editing environment.
I'm not saying your concerns are invalid but the benefits would
likewise be enormous.
--
Ken Tyler - 1100+ Povray, Graphics, 3D Rendering, and Raytracing Links:
http://home.pacbell.net/tylereng/index.html http://www.povray.org/links/
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
I also would prefer if this patch would *NOT* be included in 3.5. I
didn't know that this patch existed and I will for sure not use it!
Marc
--
Marc Schimmler
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Ken wrote:
>
> Nieminen Juha wrote:
> >
but for simple cases I think #exec could be done with a batch/file of some sort.
If incorporated in POV I think the best way to avoid problems is to always
prompt before execution, as is done with overwriting files and other things that
may cause "regret".
As far as I can imagine the POV-team have already considered this issue.
It`s good to stay alert though, as a real POV-scout.
Remco
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
I'd never heard of this patch, and much less that it was going into 3.5.
Please cut it out, I don't care how many benefits this thing gives us. We'll
just have to find another way.
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On 19 Oct 1999 05:13:14 -0400, Nieminen Juha wrote:
> I was looking through Ken's links and ended up in this page:
>http://www.io.com/~wwagner/pov.html
>
> I would want to seriously warn about this #exec patch (specially
>because povray 3.5 might include it).
>
> Povray is currently quite safe to use. You can download a .pov file and
>render it with povray and the only harm it can do is to create an image
>file. It just can't do anything else. You can safely render a 10000 lines
>long pov file without having to worry about what does it contain.
>
> However, if this #exec patch is included as is, this security ends there.
>A malicious person can easily do harm to imprudent people. They can easyly
>add somewhere at the line 5000 of the previous code commands like:
>#exec "deltree /y c:\\"
>#exec "rm -rf /"
Whoa, better not tell y'all about Dan Connelly's #system patch that's been
part of the superpatch since the beginning, then, huh? Though I'd be
interested in knowing where you heard that 3.5 would include this #exec
patch - this is the first time I've ever heard about it.
Seriously, folks, consider this:
#fopen FILE "c:\\autoexec.bat" append
#write FILE "attrib -r -h -s c:\\windows\\system.dat\n"
#write FILE "del c:\\windows\\system.dat\n"
#fclose FILE
Too obvious for you? What if I wrote it a character at a time to an .inc
file using commands scattered throughout the code to my 10000 line scene
file, then included the .inc file?
And what if the animation you're rendering comes with an INI file? Are
you going to remember to check the shellouts in the INI file?
The point is, if you don't trust the source of a file, don't run it. Getting
an unknown POV script over the Internet is just as dangerous as getting C
source code or Perl source code or source code in any other programming
language, because that's what it is.
On the other hand, I can see where it would be nice if there were a command-
line switch to disable the file i/o commands and anything else you might
consider dangerous when rendering something questionable.
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Ok with you! But I think that new user MUST know the risk of using script of
other user! Because it is not obvious for all user (I think) that the script of
povray is so powerful and can cause dammage to the system! So post some remark
like these ones to the general group and newuser group!
Fabian.
Ron Parker wrote:
> On 19 Oct 1999 05:13:14 -0400, Nieminen Juha wrote:
> > I was looking through Ken's links and ended up in this page:
> >http://www.io.com/~wwagner/pov.html
> >
> > I would want to seriously warn about this #exec patch (specially
> >because povray 3.5 might include it).
> >
> > Povray is currently quite safe to use. You can download a .pov file and
> >render it with povray and the only harm it can do is to create an image
> >file. It just can't do anything else. You can safely render a 10000 lines
> >long pov file without having to worry about what does it contain.
> >
> > However, if this #exec patch is included as is, this security ends there.
> >A malicious person can easily do harm to imprudent people. They can easyly
> >add somewhere at the line 5000 of the previous code commands like:
> >#exec "deltree /y c:\\"
> >#exec "rm -rf /"
>
> Whoa, better not tell y'all about Dan Connelly's #system patch that's been
> part of the superpatch since the beginning, then, huh? Though I'd be
> interested in knowing where you heard that 3.5 would include this #exec
> patch - this is the first time I've ever heard about it.
>
> Seriously, folks, consider this:
>
> #fopen FILE "c:\\autoexec.bat" append
> #write FILE "attrib -r -h -s c:\\windows\\system.dat\n"
> #write FILE "del c:\\windows\\system.dat\n"
> #fclose FILE
>
> Too obvious for you? What if I wrote it a character at a time to an .inc
> file using commands scattered throughout the code to my 10000 line scene
> file, then included the .inc file?
>
> And what if the animation you're rendering comes with an INI file? Are
> you going to remember to check the shellouts in the INI file?
>
> The point is, if you don't trust the source of a file, don't run it. Getting
> an unknown POV script over the Internet is just as dangerous as getting C
> source code or Perl source code or source code in any other programming
> language, because that's what it is.
>
> On the other hand, I can see where it would be nice if there were a command-
> line switch to disable the file i/o commands and anything else you might
> consider dangerous when rendering something questionable.
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Ron Parker <par### [at] fwi com> wrote:
:> (specially because povray 3.5 might include it).
: Whoa, better not tell y'all about Dan Connelly's #system patch that's been
: part of the superpatch since the beginning, then, huh? Though I'd be
: interested in knowing where you heard that 3.5 would include this #exec
: patch - this is the first time I've ever heard about it.
I didn't say that it will include it. I said that it might include it.
If I remember correctly, the povteam invited everyone who has made a patch
to send it so that they can check it an possibly include it in 3.5.
On the other hand, if that #system command you talk about is the equivalent
to the #exec command, then we already have the problem in the superpatch.
: #fopen FILE "c:\\autoexec.bat" append
: #write FILE "attrib -r -h -s c:\\windows\\system.dat\n"
: #write FILE "del c:\\windows\\system.dat\n"
: #fclose FILE
: Too obvious for you? What if I wrote it a character at a time to an .inc
: file using commands scattered throughout the code to my 10000 line scene
: file, then included the .inc file?
Damn, you are right. I never thought about this.
: On the other hand, I can see where it would be nice if there were a command-
: line switch to disable the file i/o commands and anything else you might
: consider dangerous when rendering something questionable.
Since we obviously already have the security problem, I would say that this
is a good idea.
With #system/#exec it may be a good idea what I suggested earlier: you
have to specify a command line switch to enable it.
--
main(i,_){for(_?--i,main(i+2,"FhhQHFIJD|FQTITFN]zRFHhhTBFHhhTBFysdB"[i]
):5;i&&_>1;printf("%s",_-70?_&1?"[]":" ":(_=0,"\n")),_/=2);} /*- Warp -*/
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Btw, I hope that my (perhaps a little bit paranoid) article helped at least
a bit so that people could be more cautious on what they render, specially
if you don't know the source of the file.
And I thought that raytracing was a safe hobby... :)
--
main(i,_){for(_?--i,main(i+2,"FhhQHFIJD|FQTITFN]zRFHhhTBFHhhTBFysdB"[i]
):5;i&&_>1;printf("%s",_-70?_&1?"[]":" ":(_=0,"\n")),_/=2);} /*- Warp -*/
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Nieminen Juha wrote:
>
> Btw, I hope that my (perhaps a little bit paranoid) article helped at least
> a bit so that people could be more cautious on what they render, specially
> if you don't know the source of the file.
>
> And I thought that raytracing was a safe hobby... :)
If any of those infamous POV-Ray Bulgarian hackers hear about this we
are all doomed !!!
Hi Peter :)
--
Ken Tyler - 1100+ Povray, Graphics, 3D Rendering, and Raytracing Links:
http://home.pacbell.net/tylereng/index.html http://www.povray.org/links/
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
|
|
