File: s_23.html

povray 1:3.6.1-6

<!--  This file copyright Persistence of Vision Raytracer Pty. Ltd. 2003-2004  -->
<html> 
<head>
  
<!--  NOTE: In order to help users find information about POV-Ray using  -->
 
<!--  web search engines, we ask you to *not* let them index documentation  -->
 
<!--  mirrors because effectively, when searching, users will get hundreds  -->
 
<!--  of results containing the same information! For this reason, the two  -->
 
<!--  meta tags below disable archiving and indexing of this page by all  -->
 
<!--  search engines that support these meta tags.  -->
 
 <meta content="noarchive" name="robots">
   
 <meta content="noindex" name="robots">
   
 <meta content="no-cache" http-equiv="Pragma">
   
 <meta content="0" http-equiv="expires">
   
<title>1.4 I/O Restrictions</title>
 <link href="povray35.css" rel="stylesheet" type="text/css"> 
</head>
 <body> 
<table class="NavBar" width="100%">
  
 <tr>
   
  <td align="left" nowrap="" valign="middle" width="32">
    <a href="s_22.html"><img alt="previous" border="0" src="prev.png"></a> 
   
  </td>
   
  <td align="left" valign="middle" width="30%">
    <a href="s_22.html">1.3.7 POV-Ray for Unix Tips</a> 
  </td>
   
  <td align="center" valign="middle">
    <strong class="NavBar">POV-Ray 3.6 for UNIX documentation</strong><br> <strong>1.4 
   I/O Restrictions</strong> 
  </td>
   
  <td align="right" valign="middle" width="30%">
    <a href="s_24.html">1.4.1 Configuration file format</a> 
  </td>
   
  <td align="right" nowrap="" valign="middle" width="32">
    <a href="s_24.html"><img alt="next" border="0" src="next.png"></a> 
   
  </td>
   
 </tr>
  
</table>
 
<h2><a name="s01_04">1.4 </a>I/O Restrictions</h2>
<a name="s01_04_i1"></a>
<p>
  I/O Restrictions are a feature introduced in POV-Ray for Unix 3.5. The purpose of this feature is to attempt to at 
 least partially protect a machine running POV-Ray from having files read or written outside of a given set of 
 directories. 
</p>

<p>
  The need for this is related to the fact that the POV-Ray scene language has, over the years, become something more 
 akin to a scripting language combined with a scene-description model. It is now possible to write obfuscated POV-Ray 
 code, and to open, create, read and write arbitrary files anywhere on the target system's hard disk (subject to 
 operating system permission). 
</p>

<p>
  The basic idea of I/O Restrictions is to attempt to protect the user from a script that may have been downloaded 
 from an untrusted source, and which may attempt to create or modify files that it should not. 
</p>

<p>
  The I/O Restriction facility hooks the file open and creation functions in the core POV-Ray renderer code, and 
 lets the Unix version allow or deny any particular file operation. 
</p>
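
<p>
  The kind of decision such a hook has to make, as an added example (this is not POV-Ray's own code): a requested 
 path is canonicalised, then compared against a set of permitted directories, and anything that cannot be resolved is 
 denied. The function names and the <code>/tmp</code> allow-list are assumptions made for the illustration. 
</p>

```c
#define _XOPEN_SOURCE 700   /* realpath(), lstat() */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

/* 1 if canonical path `canon` is `dir` itself or lies below it. A bare prefix
   test would wrongly accept /home/u/scenes2 for /home/u/scenes. */
static int path_is_under(const char *canon, const char *dir) {
    size_t n = strlen(dir);
    if (n == 0 || strncmp(canon, dir, n) != 0) return 0;
    return dir[n - 1] == '/' || canon[n] == '/' || canon[n] == '\0';
}

/* Canonicalise `path` into out[PATH_MAX]; 0 on success. A file about to be
   created does not exist yet, so fall back to resolving its parent. */
static int canonicalise(const char *path, char *out) {
    char parent[PATH_MAX], *slash;
    const char *name = path;
    struct stat st;
    if (realpath(path, out)) return 0;
    /* a dangling symlink would be followed when the file is created */
    if (lstat(path, &st) == 0 && S_ISLNK(st.st_mode)) return -1;
    if (strlen(path) >= sizeof parent) return -1;
    strcpy(parent, path);
    slash = strrchr(parent, '/');
    if (slash) { name = path + (slash - parent) + 1; slash[slash == parent] = '\0'; }
    else strcpy(parent, ".");
    if (!realpath(parent, out)) return -1;
    if (strlen(out) + strlen(name) + 2 > PATH_MAX) return -1;
    if (strcmp(out, "/") != 0) strcat(out, "/");
    strcat(out, name);
    return 0;
}

/* Decision a hooked open/create would consult: 1 = allow, 0 = deny. */
int io_allowed(const char *path, const char *const dirs[], size_t ndirs) {
    char canon[PATH_MAX], dir[PATH_MAX];
    size_t i;
    if (canonicalise(path, canon) != 0) return 0;      /* fail closed */
    for (i = 0; i < ndirs; i++)
        if (realpath(dirs[i], dir) && path_is_under(canon, dir)) return 1;
    return 0;
}
int main(void) {
    const char *const dirs[] = { "/tmp" };   /* constructed allow-list */
    printf("%d %d\n", io_allowed("/tmp/out.png", dirs, 1),
                      io_allowed("/tmp/../etc/passwd", dirs, 1));
}
```

<p>
  The check and the later open are separate steps, so the file system can change between them; a check of this kind 
 narrows what a scene file can reach but does not replace reviewing the file. 
</p>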

<p class="Warning">
  <strong>Note:</strong> We do not guarantee that the I/O Restriction facility will actually stop 
 anything from happening. There is always the chance that, like almost all software, it could have a bug in it that 
 causes it to malfunction. Therefore, the onus is on the person who chooses to load an INI or scene file into POV-Ray 
 to ensure that it does not do anything that it should not do. Please consider I/O Restrictions just a 
 sometimes-helpful backup for manual checks. 
</p>

<p>
  Please read this section in full so that you understand the caveats and conditions of the facility (such as the 
 fact that some directories are allowed by default). 
</p>

<p><strong>
 Section Contents
</strong>

<ul>
 
 <li>
  <a href="s_24.html#s01_04_01">1.4.1 Configuration file format</a>
 <li>
  <a href="s_25.html#s01_04_02">1.4.2 File I/O Security</a>
 <li>
  <a href="s_26.html#s01_04_03">1.4.3 Shellout Security</a>
 <li>
  <a href="s_27.html#s01_04_04">1.4.4 Permitted Paths</a>
  <ul>
   
   <li>
    <a href="s_27.html#s01_04_04_01">1.4.4.1 Examples for path settings</a>
  </ul>

 <li>
  <a href="s_28.html#s01_04_05">1.4.5 Example configuration file</a>
</ul>
 </body> </html>