  WARNING: #exec and safety (Message 31 to 40 of 47)  
From: Peter Popov
Subject: Re: WARNING: #exec and safety
Date: 21 Oct 1999 11:00:00
Message: <vq8OOCOryczkiqlQUBSnixgJGof+@4ax.com>
On Thu, 21 Oct 1999 00:41:48 -0400, "Mark Wagner"
<mar### [at] gtenet> wrote:

>I have a virus that will run (almost) in standard POV-Ray.  Should I post
>it?
>
>While developing this virus, I found a bug in POV-Ray's string handling
>routines -- sometimes a sequence such as "\"\\\\\",\"\\\"\"," will be
>incorrectly written to a file.
>
>Mark

I encountered a similar bug while I was trying to declare a string
defining a charset (all alphanumerals, punctuation and math symbols).
For some reason the parser choked on the double-quote and backslash,
even though I had a backslash before each of those. I did not explore
the depths of this bug because I used another approach.


Peter Popov
ICQ: 15002700



From: Nieminen Juha
Subject: Re: WARNING: #exec and safety
Date: 21 Oct 1999 13:32:46
Message: <380f4e3e@news.povray.org>
Simen Kvaal <sim### [at] studentmatnatuiono> wrote:
: for example via a "registered #exec
: programs" dialog from the menu

  This can't be done with ANSI C.

: and *not* via an .INI-file.

  Why not?

-- 
main(i,_){for(_?--i,main(i+2,"FhhQHFIJD|FQTITFN]zRFHhhTBFHhhTBFysdB"[i]
):5;i&&_>1;printf("%s",_-70?_&1?"[]":" ":(_=0,"\n")),_/=2);} /*- Warp -*/



From: Mark Wagner
Subject: Re: WARNING: #exec and safety
Date: 22 Oct 1999 00:43:15
Message: <380feb63@news.povray.org>
Nieminen Juha wrote in message <380ed9d2@news.povray.org>...
>Mark Wagner <mar### [at] gtenet> wrote:
>: I have a virus that will run (almost) in standard POV-Ray.  Should I post
>: it?
>
>  I think it's safe. A povray virus can never hide himself since you can
>always see your pov-files. On the other hand non-advanced users will be
>too frightened to render the infected scene when they see the word "virus",
>so there shouldn't be any problem there.
>  The code would be extremely interesting.


OK, I'll post the virus in p.b.s-f

Mark



From: Simen Kvaal
Subject: Re: WARNING: #exec and safety
Date: 22 Oct 1999 06:53:39
Message: <38104233@news.povray.org>
Nieminen Juha wrote in message <380f4e3e@news.povray.org>...
>Simen Kvaal <sim### [at] studentmatnatuiono> wrote:
>: for example via a "registered #exec
>: programs" dialog from the menu
>
>  This can't be done with ANSI C.
>


Why not? You can specify which .ini files to use, which include directories
to use, why not specify which #exec commands to allow?


>: and *not* via an .INI-file.
>
>  Why not?

Well, I thought maybe it was usual to supply an .ini file with the scene
file. If that ini-file included directives that let povray use a particular
#exec program, then we're back to the problem that the user has less
control. I think.

Simen.



From: Nieminen Juha
Subject: Re: WARNING: #exec and safety
Date: 22 Oct 1999 07:46:56
Message: <38104eb0@news.povray.org>
Simen Kvaal <sim### [at] studentmatnatuiono> wrote:
:>: for example via a "registered #exec
:>: programs" dialog from the menu
:>
:>  This can't be done with ANSI C.

: Why not? You can specify which .ini files to use, which include directories
: to use, why not specify which #exec commands to allow?

  Well, you talked about a dialog in a menu...

-- 
main(i,_){for(_?--i,main(i+2,"FhhQHFIJD|FQTITFN]zRFHhhTBFHhhTBFysdB"[i]
):5;i&&_>1;printf("%s",_-70?_&1?"[]":" ":(_=0,"\n")),_/=2);} /*- Warp -*/



From: Nieminen Juha
Subject: Re: WARNING: #exec and safety
Date: 22 Oct 1999 08:02:58
Message: <38105272@news.povray.org>
If I understood correctly (after autoindenting with emacs :) ), it tries
all possible character combinations for a file name. That takes years!
  There must be an easier way.

  I was thinking about a codemax macro or similar: When active, each time
you save a .pov-file it will check if it's infected; if not, it infects it
and saves. The macro would be loaded when an infected file is rendered
(perhaps by writing to some codemax ini file first, or something).
  But perhaps this is not possible.

-- 
main(i,_){for(_?--i,main(i+2,"FhhQHFIJD|FQTITFN]zRFHhhTBFHhhTBFysdB"[i]
):5;i&&_>1;printf("%s",_-70?_&1?"[]":" ":(_=0,"\n")),_/=2);} /*- Warp -*/



From: Mark Wagner
Subject: Re: WARNING: #exec and safety
Date: 23 Oct 1999 00:28:55
Message: <38113987@news.povray.org>
Nieminen Juha wrote in message <38105272@news.povray.org>...
>  If I understood correctly (after autoindenting with emacs :) ), it tries
>all possible character combinations for a file name. That takes years!

My estimate is that it will take about 80 years on a reasonably fast
computer.

>  There must be an easier way.


I've come up with a few ideas, such as providing a method for ruling out
filenames that probably won't be used.

>  I was thinking about a codemax macro or similar: When active, each time
>you save a .pov-file it will check if it's infected; if not, it infects it
>and saves. The macro would be loaded when an infected file is rendered
>(perhaps by writing to some codemax ini file first, or something).
>  But perhaps this is not possible.


It might be possible.  I'll have to check on that.

Mark



From: Markus Becker
Subject: Re: WARNING: #exec and safety
Date: 26 Oct 1999 08:52:57
Message: <3815A5D7.3B16B506@zess.uni-siegen.de>
Ken wrote:
> 
> If any of those infamous POV-Ray Bulgarian hackers hear about this we
> are all doomed !!!

No need to be Bulgarian! ;-) Right now, I'm writing the First
Ever POV-Ray-Virus [tm]!

Markus



From: Markus Becker
Subject: Re: WARNING: #exec and safety
Date: 26 Oct 1999 08:56:11
Message: <3815A697.ED1EC63@zess.uni-siegen.de>
Ron Parker wrote:
> Seriously, folks, consider this:
> 
> #fopen FILE "c:\\autoexec.bat" append

what's "autoexec.bat"?

SCNR

Markus

> The point is, if you don't trust the source of a file, don't run it.  Getting
> an unknown POV script over the Internet is just as dangerous as getting C
> source code or Perl source code or source code in any other programming
> language, because that's what it is.

But POV-Ray is a _Renderer_, not a general purpose programming language.
Ok, it has a full-blown C-like syntax and all, but is this _really_ needed?
How about some restrictions on the available file I/O, such as allowing
only to read from and write to files in some kind of "sandbox", i.e. _one_
special directory (and the sub dirs) that is assigned specifically for
that purpose. POV-Ray itself would then decide if it does it or not.

Markus
-- 

 Ich nicht eine Sekunde!!!" H. Heinol in Val Thorens
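
The sandbox idea proposed in the message above, sketched as an added example; it is not part of the thread and not POV-Ray's own code. The names `sandbox_allows` and `sandbox_fopen` are hypothetical, and the policy assumed here is that every path named by a scene file is resolved relative to one sandbox directory.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical policy check: returns 1 if `requested` (a path named by a
   scene file) stays inside the sandbox directory when resolved relative to
   it, 0 otherwise. Purely lexical: it does not follow symlinks, so the
   sandbox tree itself must not contain links that point outside. */
int sandbox_allows(const char *requested)
{
    const char *p = requested;
    int depth = 0;
    if (p == NULL || *p == '\0') return 0;
    if (*p == '/' || *p == '\\') return 0;   /* absolute or UNC path */
    if (strchr(p, ':') != NULL) return 0;    /* drive letter, e.g. c:\... */

    while (*p != '\0') {
        size_t len = strcspn(p, "/\\");      /* accept both separators */
        if (len == 2 && p[0] == '.' && p[1] == '.') {
            if (--depth < 0) return 0;       /* ".." climbed above the root */
        } else if (len > 0 && !(len == 1 && p[0] == '.')) {
            depth++;                         /* ordinary name component */
        }
        p += len;
        if (*p != '\0') p++;                 /* skip the separator */
    }
    return depth > 0;                        /* must name something inside */
}

/* Hypothetical wrapper a renderer could call instead of fopen() for every
   file directive in a scene; refuses anything the policy rejects. */
FILE *sandbox_fopen(const char *root, const char *requested, const char *mode)
{
    char full[1024];
    int n;
    if (!sandbox_allows(requested)) return NULL;
    n = snprintf(full, sizeof full, "%s/%s", root, requested);
    if (n < 0 || (size_t)n >= sizeof full) return NULL;
    return fopen(full, mode);
}

int main(void)
{
    /* Constructed sample paths; the second is the one quoted in the thread. */
    const char *samples[] = { "out/data.txt", "c:\\autoexec.bat", "a/../../b" };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-20s %s\n", samples[i], sandbox_allows(samples[i]) ? "allow" : "deny");
    return 0;
}
```

Where the platform offers it, canonicalising the joined path (for example with POSIX `realpath()`) and re-checking the prefix closes the symlink gap that the lexical check leaves open.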



From: Markus Becker
Subject: Re: WARNING: #exec and safety
Date: 26 Oct 1999 09:00:18
Message: <3815A790.D47CEFCA@zess.uni-siegen.de>
"Jon A. Cruz" wrote:
> 
> And on Windows NT it's worse. I just got a new NT box placed in my office.
> After booting into NT, and without even attempting to log-in, just booting, it
> went crazy. After coming up with the NT log-in thingie, it then went into over
> 5-10 minutes of just constant disk thrashing. And that was with me not doing
> anything.

Rip out that 16MB module and replace it by 256 MB. You'll be surprised.

Markus




Copyright 2003-2023 Persistence of Vision Raytracer Pty. Ltd.