|
|
On Thu, 16 Nov 2000 17:15:39 -0500, Simon Lemieux wrote:
>> You don't have to know how it's done to avoid it. :)
>
>And what if... I want to know... if there are security problems in povray, I
>need to know them... You might have seen on povray.general that I've started
>working on an utility for povray... well, that's why I would need these security
>informations.
Well, then...
You probably need to make sure the script doesn't do any #fopens or #writes,
and make sure the output filename specified in the .ini file is okay (or remove
it entirely and replace it with a filename you make up.) That'll be good
enough to catch most problems. Watch for weird parser stuff like the fact
that this is valid syntax:
#
fopen (whatever)
>What if I'm not on linux but on Windows? what about MacOS? what about the newer
>MacOS X?
MacOS X is of course BSD-based, so should support things like permissions and
chroot. The other two aren't server operating systems, and running server
processes on them is just asking for trouble.
--
Ron Parker http://www2.fwi.com/~parkerr/traces.html
My opinions. Mine. Not anyone else's.
Post a reply to this message
|
|