|  |  | On 10/11/19 4:13 AM, William F Pokorny wrote:
> On 10/10/19 2:30 AM, Dick Balaska wrote:
>> Line 94 of the default unix povray.conf contains a reference to
>> %INSTALL_DIR%/../../etc
>>
>> https://github.com/POV-Ray/povray/blob/master/unix/povray.conf
>>
>> This is the exact unix directory we *don't* want povray to read.
>>
>> This line should be removed.
> 
> On my Ubuntu system this resolves to /usr/local/etc for an actual system 
> install - which is OK I think. It's where the system wide povray.conf 
> and povray.ini files are installed and these I believe set the file i/o 
> access rights all users picking up the common install would get.
> 
> Am I missing something?
> 
> On your system are you ending up with /etc readable due a different tool 
> install directory structure, or?
> 
> Bill P.
For me, on debian/ubuntu/mint, povray/qtpovray ends up at
/usr/share/povray-3.7
/usr/share/qtpovray-3.8
so the evil dir is
/usr/etc
which does not exist.
Technically, the evil dir is undefined.
I still submit that there is no legitimate reason to ever access 
%INSTALL_DIR%/../anything
especially etc, which just makes it an incompetent evil.
-- 
dik
Rendered 95232 of 2073600 pixels (22%)
 Post a reply to this message
 |  |