POV-Ray: Newsgroups: povray.programming: Hackers... (Howto "not being hacked with povray"): Re: Hackers... (Howto "not being hacked with povray")

POV-Ray : Newsgroups : povray.programming : Hackers... (Howto "not being hacked with povray") : Re: Hackers... (Howto "not being hacked with povray")		Server Time 28 Jul 2024 14:29:50 EDT (-0400)

From: Ron Parker
Date: 16 Nov 2000 16:20:50
Message: <slrn918jtk.8j4.ron.parker@fwi.com>

On Thu, 16 Nov 2000 17:15:39 -0500, Simon Lemieux wrote:
>> You don't have to know how it's done to avoid it. :)
>
>And what if... I want to know... if there are security problems in povray, I
>need to know them...  You might have seen on povray.general that I've started
>working on an utility for povray... well, that's why I would need these security
>informations.

Well, then...

You probably need to make sure the script doesn't do any #fopens or #writes,
and make sure the output filename specified in the .ini file is okay (or remove
it entirely and replace it with a filename you make up.)  That'll be good
enough to catch most problems.  Watch for weird parser stuff like the fact
that this is valid syntax:

                                                 #

    fopen (whatever)

>What if I'm not on linux but on Windows? what about MacOS? what about the newer
>MacOS X?

MacOS X is of course BSD-based, so should support things like permissions and
chroot.  The other two aren't server operating systems, and running server
processes on them is just asking for trouble.

-- 
Ron Parker   http://www2.fwi.com/~parkerr/traces.html
My opinions.  Mine.  Not anyone else's.

Post a reply to this message