POV-Ray : Newsgroups : povray.advanced-users : WARNING: #exec and safety
  WARNING: #exec and safety (Message 18 to 27 of 47)  
From: Nieminen Juha
Subject: Re: WARNING: #exec and safety
Date: 20 Oct 1999 07:50:26
Message: <380dac82@news.povray.org>
Remco de Korte <rem### [at] xs4allnl> wrote:
: A command line switch wouldn't do. Somebody already mentioned that you'd
: probably put that in an inifile and forget about it.

  I mentioned it myself. Of course it's not perfect, but at least it's better
than nothing.
  At least if you try to render a scene downloaded from a strange place,
you can check that it will not do any system calls nor file writings before
you render it.

: Prompting with every
: POV-session would be better I think (as with the file-saving). I don't know if
: this is as easy on all platforms.

  It's very difficult to achieve this kind of prompting with ANSI C.
  It also would be extremely tedious if you would need to answer to a
prompt every time you render your own scene.

-- 
main(i,_){for(_?--i,main(i+2,"FhhQHFIJD|FQTITFN]zRFHhhTBFHhhTBFysdB"[i]
):5;i&&_>1;printf("%s",_-70?_&1?"[]":" ":(_=0,"\n")),_/=2);} /*- Warp -*/



From: Nieminen Juha
Subject: Re: WARNING: #exec and safety
Date: 20 Oct 1999 07:58:48
Message: <380dae78@news.povray.org>
Speaking about it... I have been thinking about a povray virus, but I
haven't yet figured out how to do it.
  I mean a virus that will attach itself to all .pov-files it finds every time
an infected pov-file is rendered (of course it would be extremely easy
to detect and to disinfect; just watch the beginning/end of the pov files and
remove the extra code from there, but that doesn't matter in this case because
the intention of the virus is not to make harm).
  With povray itself it may be impossible, but I was also thinking that it
could be a povwin virus which could use some features of the windows
version (like codemax macros). But I haven't discovered any way yet.
  Does anyone have any idea (Ron?).

-- 
main(i,_){for(_?--i,main(i+2,"FhhQHFIJD|FQTITFN]zRFHhhTBFHhhTBFysdB"[i]
):5;i&&_>1;printf("%s",_-70?_&1?"[]":" ":(_=0,"\n")),_/=2);} /*- Warp -*/



From: Nieminen Juha
Subject: Re: WARNING: #exec and safety
Date: 20 Oct 1999 08:00:14
Message: <380daece@news.povray.org>
The fact that the possibility of a malicious file is very small doesn't
mean that we shouldn't take into account some security issues.
Let's do it before something happens. It's better than doing it afterwards.

-- 
main(i,_){for(_?--i,main(i+2,"FhhQHFIJD|FQTITFN]zRFHhhTBFHhhTBFysdB"[i]
):5;i&&_>1;printf("%s",_-70?_&1?"[]":" ":(_=0,"\n")),_/=2);} /*- Warp -*/



From: Nieminen Juha
Subject: Re: WARNING: #exec and safety
Date: 20 Oct 1999 08:01:53
Message: <380daf31@news.povray.org>
Mark Wagner <mar### [at] gtenet> wrote:
: Along these lines, it *is* possible to write a POV-Ray virus that infects
: POV scene files.  However, as things stand right now, the incredible disk
: thrashing that would occur as the virus tries to find files to infect would
: clue anyone in to what is happening.

  I can't think of any way to do this (at least with the official povray).
Can you explain it to me?

-- 
main(i,_){for(_?--i,main(i+2,"FhhQHFIJD|FQTITFN]zRFHhhTBFHhhTBFysdB"[i]
):5;i&&_>1;printf("%s",_-70?_&1?"[]":" ":(_=0,"\n")),_/=2);} /*- Warp -*/



From: Ron Parker
Subject: Re: WARNING: #exec and safety
Date: 20 Oct 1999 09:14:03
Message: <380dc01b@news.povray.org>
On 20 Oct 1999 07:58:48 -0400, Nieminen Juha wrote:
>  With povray itself it may be impossible, but I was also thinking that it
>could be a povwin virus which could use some features of the windows
>version (like codemax macros). But I haven't discovered any way yet.
>  Does anyone have any idea (Ron?).

I don't know how you'd do it either.  The hard part would be finding files
to infect, as you said, since POV has no facility for reading directories.
The only way I can think it would work is if there were some way for the 
currently running script to get its own name, then read itself and look
for #includes and infect them in the hopes that they'd be shared with other
script files, but two things make that unlikely:  First, a script can't get
its own name.  Second, #read isn't very flexible about what it accepts.  So
I don't see any way to write a POV-only virus.  

Of course you could write a script that created a shell script to do the 
dirty deed and stuck it in your .login, but that isn't pure POV.  You could
also write one that puts itself in the insert menu on Windows, but I think 
that one wouldn't live very long.

One that could live a while and would be pretty close to POV-only would be
a script that adds a shellout to a standard INI file.  That shellout could
then infect the currently-rendering script file.  This still isn't cross-
platform due to the differences in shell syntax and standard commands.



From: Margus Ramst
Subject: Re: WARNING: #exec and safety
Date: 20 Oct 1999 10:57:23
Message: <380DD81D.C1D7CE0F@peak.edu.ee>
Yes, yes. Of course. I just don't think this functionality should be excluded
because of the (not so serious) security risk.
Some measures might be prudent. Perhaps have the user explicitly allow the usage
of #exec with a command line switch, which _cannot_ be invoked via an ini file.

Margus

Nieminen Juha wrote:
> 
>   The fact that the possibility of a malicious file is very small doesn't
> mean that we shouldn't take into account some security issues.
> Let's do it before something happens. It's better than doing it afterwards.
> 
> --
> main(i,_){for(_?--i,main(i+2,"FhhQHFIJD|FQTITFN]zRFHhhTBFHhhTBFysdB"[i]
> ):5;i&&_>1;printf("%s",_-70?_&1?"[]":" ":(_=0,"\n")),_/=2);} /*- Warp -*/


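Margus's proposal above (a switch that only the command line can turn on, never an INI file) comes down to recording where each option was read from. A C sketch of that check, added here as an example and not taken from the thread or from POV-Ray's source; the option name `Allow_Exec` and all function names are hypothetical:

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical option name for this sketch; not a real POV-Ray switch. */
#define OPT_ALLOW_EXEC "Allow_Exec"

enum opt_source { SRC_INI, SRC_CMDLINE };   /* where an option was read from */

struct render_opts {
    int allow_exec;   /* 1 only when enabled on the command line */
    int refused;      /* attempts to enable it from an INI file */
};

/* Apply one "Name=on|off" option. Returns 0 if applied, -1 if ignored or refused. */
static int apply_option(struct render_opts *o, const char *opt, enum opt_source src)
{
    size_t n = strlen(OPT_ALLOW_EXEC);
    if (strncmp(opt, OPT_ALLOW_EXEC, n) != 0 || opt[n] != '=')
        return -1;                        /* not the option this sketch handles */
    int on = strcmp(opt + n + 1, "on") == 0;
    if (!on && strcmp(opt + n + 1, "off") != 0)
        return -1;                        /* malformed value: keep current state */
    if (on && src != SRC_CMDLINE) {
        o->refused++;                     /* INI files may never grant the privilege */
        return -1;
    }
    o->allow_exec = on;                   /* "off" is accepted from any source */
    return 0;
}

/* Process INI lines first, then command-line arguments, as one render run. */
static struct render_opts configure(const char *const *ini, int n_ini,
                                    const char *const *args, int n_args)
{
    struct render_opts o = {0, 0};        /* default deny */
    for (int i = 0; i < n_ini; i++)  apply_option(&o, ini[i], SRC_INI);
    for (int i = 0; i < n_args; i++) apply_option(&o, args[i], SRC_CMDLINE);
    return o;
}

int main(void)
{
    const char *ini[] = { "Allow_Exec=on" };       /* constructed sample INI line */
    const char *cli[] = { "Allow_Exec=on" };       /* constructed sample argument */
    struct render_opts a = configure(ini, 1, NULL, 0);
    struct render_opts b = configure(NULL, 0, cli, 1);
    printf("INI only:     exec=%d refused=%d\n", a.allow_exec, a.refused);
    printf("command line: exec=%d refused=%d\n", b.allow_exec, b.refused);
    return 0;
}
```

The `refused` counter gives the renderer something to report, so a downloaded INI file that tries to enable shell-outs is visible to the user rather than silently ignored.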

From: Remco de Korte
Subject: Re: WARNING: #exec and safety
Date: 20 Oct 1999 15:10:00
Message: <380E13A6.2D08E62E@xs4all.nl>
Nieminen Juha wrote:
> 
> Remco de Korte <rem### [at] xs4allnl> wrote:
> 
>   It's very difficult to achieve this kind of prompting with ANSI C.

I don't think that'd be very good of ANSI C then ;)

>   It also would be extremely tedious if you would need to answer to a
> prompt every time you render your own scene.

The way it is now with the filesaving in the Windows version seems like a good
way. When rendering a file you're prompted whether you want to save the changes
(while at the same time it will overwrite any file you made changes to at the
moment you want to change it under another name - but that's another topic). At
that point you can choose to disable that prompt for the duration of that
session. I must admit that it is a bit tedious at times but on the other hand
it's a safety measure. 

Come to think of it: how about an overall 'condom'-mode?

Remco



From: Edward Coffey
Subject: Re: WARNING: #exec and safety
Date: 20 Oct 1999 20:35:42
Message: <380e5fde@news.povray.org>
Remco de Korte <rem### [at] xs4allnl> wrote in message
news:380E13A6.2D08E62E@xs4all.nl...
> The way it is now with the filesaving in the Windows version seems like a good
> way. When rendering a file you're prompted whether you want to save the changes
> (while at the same time it will overwrite any file you made changes to at the
> moment you want to change it under another name - but that's another topic). At
> that point you can choose to disable that prompt for the duration of that
> session. I must admit that it is a bit tedious at times but on the other hand
> it's a safety measure.

But there is no 'session' in the command line versions of POV, each
execution is independent from the last.



From: Remco de Korte
Subject: Re: WARNING: #exec and safety
Date: 20 Oct 1999 21:40:31
Message: <380E6F2C.E4096183@xs4all.nl>
Edward Coffey wrote:
> 
> Remco de Korte <rem### [at] xs4allnl> wrote in message
> news:380E13A6.2D08E62E@xs4all.nl...
> > The way it is now with the filesaving in the Windows version seems like a good
> > way. When rendering a file you're prompted whether you want to save the changes
> > (while at the same time it will overwrite any file you made changes to at the
> > moment you want to change it under another name - but that's another topic). At
> > that point you can choose to disable that prompt for the duration of that
> > session. I must admit that it is a bit tedious at times but on the other hand
> > it's a safety measure.
> 
> But there is no 'session' in the command line versions of POV, each
> execution is independent from the last.

By a session you could also mean a batch of files to be rendered or an
animation.

Remco



From: Mark Wagner
Subject: Re: WARNING: #exec and safety
Date: 21 Oct 1999 00:41:16
Message: <380e996c@news.povray.org>
Nieminen Juha wrote in message <380daf31@news.povray.org>...
>Mark Wagner <mar### [at] gtenet> wrote:
>: Along these lines, it *is* possible to write a POV-Ray virus that infects
>: POV scene files.  However, as things stand right now, the incredible disk
>: thrashing that would occur as the virus tries to find files to infect would
>: clue anyone in to what is happening.
>
>  I can't think of any way to do this (at least with the official povray).
>Can you explain it to me?


I have a virus that will run (almost) in standard POV-Ray.  Should I post
it?

While developing this virus, I found a bug in POV-Ray's string handling
routines -- sometimes a sequence such as "\"\\\\\",\"\\\"\"," will be
incorrectly written to a file.

Mark




Copyright 2003-2023 Persistence of Vision Raytracer Pty. Ltd.