povray.programming : Hackers... (Howto "not being hacked with povray") (Message 11 to 20 of 44)
From: Simon Lemieux
Subject: Re: Hackers... (Howto "not being hacked with povray")
Date: 16 Nov 2000 16:46:15
Message: <3A146413.6AC7893E@yahoo.com>
> No it can't.  That's a famous theorem from Computer Science, called the
> Halting Problem.  It's insoluble.  (Unless you plan to forbid loops entirely,
> in which case it'll be pretty useless.)

Hmm... true... anyway I don't wish to work on this...  but my program should be
able to deal with that kind of situation....  Believe me!  ;)

-- 
+-------------------------+----------------------------------+
| Simon Lemieux           | Website : http://www.666Mhz.net  |
| Email : Sin### [at] 666Mhznet | POV-Ray, OpenGL, C++ and more... |
+-------------------------+----------------------------------+



From: Ron Parker
Subject: Re: Hackers... (Howto "not being hacked with povray")
Date: 16 Nov 2000 16:47:31
Message: <slrn918lfm.8kn.ron.parker@fwi.com>
On Thu, 16 Nov 2000 17:37:03 -0500, Simon Lemieux wrote:
>> You probably need to make sure the script doesn't do any #fopens or #writes,
>> and make sure the output filename specified in the .ini file is okay (or remove
>> it entirely and replace it with a filename you make up.)  That'll be good
>> enough to catch most problems.  Watch for weird parser stuff like the fact
>> that this is valid syntax:
>
>Thanks!
>
>>                                                  #
>> 
>>     fopen (whatever)
>
>Hmmm... is this "<many_spaces>#fopen (whatever" 
>or "<many_spaces>#\n\n fopen (whatever)"?

It's "<any whitespace>#<any whitespace>fopen<any whitespace>(whatever)"
Where "any whitespace" is any combination of spaces, tabs, CRs, and LFs.

-- 
Ron Parker   http://www2.fwi.com/~parkerr/traces.html
My opinions.  Mine.  Not anyone else's.



From: Thorsten Froehlich
Subject: Re: Hackers... (Howto "not being hacked with povray")
Date: 16 Nov 2000 22:06:23
Message: <3a14a0af$1@news.povray.org>
In article <3A145C8B.373F10E2@yahoo.com> , Simon Lemieux 
<lem### [at] yahoocom>  wrote:

> what about MacOS? what about the newer MacOS X?

On Mac OS you can lock the System and Application folder, but that is it.
People could probably read and write to any other file and destroy them that
way, but as there is no login there is no break-in and they can't destroy or
change the system.

As for Mac OS X, as Ron said, it is BSD-based with a non-X GUI, so all the
Unix tricks work just fine.  However, in theory it should be easy to set up
a next to no privileges user thanks to the GUI.  Anyway, Mac OS X is not
final, and Mac OS X Server costs a lot of money (for non-developers)...


   Thorsten


____________________________________________________
Thorsten Froehlich
e-mail: mac### [at] povrayorg

I am a member of the POV-Ray Team.
Visit POV-Ray on the web: http://mac.povray.org



From: Mark Wagner
Subject: Re: Hackers... (Howto "not being hacked with povray")
Date: 17 Nov 2000 00:12:14
Message: <3a14be2e@news.povray.org>
Simon Lemieux wrote in message <3A1432A7.2BA5CE7C@yahoo.com>...
>Hi,
> I was wondering, what are all the issues a hacker would have to hack my
>computer if he gave me a few files.gif, file.pov and file.ini to render?


If you are running an old version of the SuperPatch, watch out for #exec
commands in the .pov and .ini files.  Also, check to make sure that the
scene files are not #including files that they shouldn't (such as your
password file).

--
Mark



From: Simon Lemieux
Subject: Re: Hackers... (Howto "not being hacked with povray")
Date: 17 Nov 2000 09:58:49
Message: <3A1555CE.56094EAE@yahoo.com>
> If you are running an old version of the SuperPatch, watch out for #exec
> commands in the .pov and .ini files.  Also, check to make sure that the
> scene files are not #including files that they shouldn't (such as your
> password file).

Thanks, nice one...  It could render the encrypted password in the image and
nobody would pay attention to it... thinking it's part of the render...

For the #exec, I will only use Official povray... no patches...

Thanks,
	Simon

-- 
+-------------------------+----------------------------------+
| Simon Lemieux           | Website : http://www.666Mhz.net  |
| Email : Sin### [at] 666Mhznet | POV-Ray, OpenGL, C++ and more... |
+-------------------------+----------------------------------+



From: Warp
Subject: Re: Hackers... (Howto "not being hacked with povray")
Date: 17 Nov 2000 10:10:00
Message: <3a154a48@news.povray.org>
Ron Parker <ron### [at] povrayorg> wrote:
: It's "<any whitespace>#<any whitespace>fopen<any whitespace>(whatever)"

  Note also that there could be whitespaces inside the parentheses
(although I think that 'whatever' meant also that, but just mentioning).

-- 
main(i,_){for(_?--i,main(i+2,"FhhQHFIJD|FQTITFN]zRFHhhTBFHhhTBFysdB"[i]
):_;i&&_>1;printf("%s",_-70?_&1?"[]":" ":(_=0,"\n")),_/=2);} /*- Warp -*/

  "The derivative of sin(2x) is cos(2x)"  - Matt Giwer


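A pre-render check for the directives named in this thread (#fopen, #write, #exec, #include), using the whitespace rule Ron Parker gives above; this is an added example, not code from any poster or from POV-Ray. The function name, the include allowlist and the sample scene are assumptions constructed for illustration.

```python
import re

# Directives the thread warns about: file I/O, SuperPatch #exec, and #include.
DIRECTIVES = ("fopen", "write", "exec", "include")

# Assumption taken from the thread: '#' and the keyword may be separated by
# any mix of spaces, tabs, CRs and LFs, so the match must span line breaks.
DIRECTIVE = re.compile(r"#[ \t\r\n]*(" + "|".join(DIRECTIVES) + r")\b")
QUOTED_ARG = re.compile(r'[ \t\r\n]*"([^"]*)"')

def scan_scene(text, allowed_includes=()):
    """Return (line, directive, include_target) for every risky directive.

    Comments and strings are not stripped, so a directive inside a comment
    is still reported: the scan fails closed instead of guessing how the
    real parser would tokenize the file. Arguments are not parsed, so
    whitespace inside the parentheses makes no difference.
    """
    findings = []
    for m in DIRECTIVE.finditer(text):
        line = text.count("\n", 0, m.start()) + 1
        name, target = m.group(1), None
        if name == "include":
            arg = QUOTED_ARG.match(text, m.end())
            target = arg.group(1) if arg else None  # None: not a plain literal
            if target in allowed_includes:
                continue
        findings.append((line, name, target))
    return findings

# Constructed sample scene (not from the thread's posters).
SAMPLE = (
    '#include "colors.inc"\n'
    "   #\n"
    "\n"
    "   fopen (whatever)\n"
    '#\t include "../private/passwords.txt"\n'
    "sphere { 0, 1 }\n"
    "#declare Wr = 1;\n"
)

if __name__ == "__main__":
    for finding in scan_scene(SAMPLE, allowed_includes={"colors.inc"}):
        print(finding)
```

An #include whose argument is not a plain quoted literal is reported with a target of None, so it is rejected rather than trusted.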

From: Warp
Subject: Re: Hackers... (Howto "not being hacked with povray")
Date: 17 Nov 2000 10:15:03
Message: <3a154b77@news.povray.org>
Francois Dispot <woz### [at] club-internetfr> wrote:
: Warp and Ron gave good ideas.

  I really hope that the guy who tried to hack that povray-site mentioned
in p.general did not get his ideas from that thread. I would feel quite
guilty if he/she did... :(
  (Although there wasn't anything in that thread that couldn't be
deduced reading the povray documentation...)

: If you make a scene featuring an infinite loop adding objects to an
: union, you will have POV crash after running out of memory.
: Unfortunately it is likely that some other processes die too, including
: system services.

  If it's a basic unix system, there shouldn't be any danger.
  I have run out of memory several times (even when running povray) and
nothing special has happened. The program just ended with an "out of memory".

  In Unix you can also limit the amount of memory a user can allocate.

-- 
main(i,_){for(_?--i,main(i+2,"FhhQHFIJD|FQTITFN]zRFHhhTBFHhhTBFysdB"[i]
):_;i&&_>1;printf("%s",_-70?_&1?"[]":" ":(_=0,"\n")),_/=2);} /*- Warp -*/

  "The derivative of sin(2x) is cos(2x)"  - Matt Giwer



From: Warp
Subject: Re: Hackers... (Howto "not being hacked with povray")
Date: 17 Nov 2000 10:19:57
Message: <3a154c9d@news.povray.org>
Ron Parker <ron### [at] povrayorg> wrote:
: No it can't.  That's a famous theorem from Computer Science, called the
: Halting Problem.  It's insoluble.

  It's insoluble in the general case (that is, there's no general solution
for testing the halting of an algorithm).
  Sometimes, however, it can be easy:

#while(true) #end

  However, it's very easy to make it more complicated.
  It can be made so complicated that it's not possible for ANY logic to
deduce whether it will stop or not (just think about a short code which
tests the Fermat Theorem for all combinations of the four numbers and ends
when it finds an answer).

  Theoretically it would be possible to limit the number of loops, eg.
don't allow the #while to make more than 1 million loops.
  This, however, would require parsing the code as povray does.

-- 
main(i,_){for(_?--i,main(i+2,"FhhQHFIJD|FQTITFN]zRFHhhTBFHhhTBFysdB"[i]
):_;i&&_>1;printf("%s",_-70?_&1?"[]":" ":(_=0,"\n")),_/=2);} /*- Warp -*/

  "The derivative of sin(2x) is cos(2x)"  - Matt Giwer



From: Ron Parker
Subject: Re: Hackers... (Howto "not being hacked with povray")
Date: 17 Nov 2000 10:33:19
Message: <slrn91aju0.9e7.ron.parker@fwi.com>
On 17 Nov 2000 10:19:57 -0500, Warp wrote:
>  Theoretically it would be possible to limit the number of loops, eg.
>don't allow the #while to make more than 1 million loops.
>  This, however, would require parsing the code as povray does.

Or simply modifying the povray source code to exit with an error after
1 million iterations of the same loop.

-- 
Ron Parker   http://www2.fwi.com/~parkerr/traces.html
My opinions.  Mine.  Not anyone else's.



From: Warp
Subject: Re: Hackers... (Howto "not being hacked with povray")
Date: 17 Nov 2000 10:37:03
Message: <3a15509f@news.povray.org>
Ron Parker <ron### [at] povrayorg> wrote:
: Or simply modifying the povray source code to exit with an error after
: 1 million iterations of the same loop.

  Yes, that would be certainly easier :)

  However, you have to take into account nested loops (think about 10 nested
loops, each one of them looping 1 million times).

-- 
main(i,_){for(_?--i,main(i+2,"FhhQHFIJD|FQTITFN]zRFHhhTBFHhhTBFysdB"[i]
):_;i&&_>1;printf("%s",_-70?_&1?"[]":" ":(_=0,"\n")),_/=2);} /*- Warp -*/

  "The derivative of sin(2x) is cos(2x)"  - Matt Giwer


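The thread's two runtime concerns, a scene that never stops parsing (including nested loops that defeat a per-loop counter) and a scene that exhausts memory, can both be bounded from outside the renderer with Unix resource limits, as Warp's remark about limiting memory suggests. This added example, not code from any poster or from POV-Ray, goes beyond the thread by capping CPU time for the whole process instead of counting loop iterations; the function names and limit values are assumptions.

```python
import resource
import signal
import subprocess
import sys

def _capped(kind, wanted):
    # Never ask for more than the hard limit this process already runs under.
    hard = resource.getrlimit(kind)[1]
    return wanted if hard == resource.RLIM_INFINITY else min(wanted, hard)

def run_limited(cmd, cpu_seconds, mem_bytes, wall_seconds):
    """Run cmd under CPU-time, address-space and wall-clock limits (Unix)."""
    def apply_limits():
        # Executed in the child between fork and exec, so cmd inherits it.
        cpu_hard = _capped(resource.RLIMIT_CPU, cpu_seconds + 1)
        cpu_soft = min(cpu_seconds, cpu_hard)
        resource.setrlimit(resource.RLIMIT_CPU, (cpu_soft, cpu_hard))
        mem = _capped(resource.RLIMIT_AS, mem_bytes)
        resource.setrlimit(resource.RLIMIT_AS, (mem, mem))
    try:
        proc = subprocess.run(
            cmd,
            preexec_fn=apply_limits,
            timeout=wall_seconds,  # catches a process that waits, not spins
            stdin=subprocess.DEVNULL,
            stdout=subprocess.DEVNULL,
            stderr=subprocess.DEVNULL,
        )
    except subprocess.TimeoutExpired:
        return "wall-clock limit"
    # SIGXCPU arrives at the soft CPU limit, SIGKILL at the hard one.
    if proc.returncode in (-signal.SIGXCPU, -signal.SIGKILL):
        return "killed"
    return "ok" if proc.returncode == 0 else "failed (exit %d)" % proc.returncode

if __name__ == "__main__":
    # Stand-in for the renderer: a child that loops forever, like
    # "#while(true) #end". Replace with the real render command line.
    spin = [sys.executable, "-c", "while True: pass"]
    print(run_limited(spin, cpu_seconds=1, mem_bytes=512 << 20, wall_seconds=30))
```

A child that hits the address-space limit sees its allocation fail and exits with an error of its own, which is the "out of memory" ending Warp describes.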

Copyright 2003-2023 Persistence of Vision Raytracer Pty. Ltd.