The Persistence of Vision Raytracer (POV-Ray).
This is the legacy Bug Tracking System for the POV-Ray project. Bugs listed here are being migrated to our github issue tracker. Please refer to that for new reports or updates to existing ones on this system.
Attached to Project: POV-Ray
Opened by Andrey Zholos - 2014-07-22
Last edited by William F Pokorny - 2016-11-22
Opened by Andrey Zholos - 2014-07-22
Last edited by William F Pokorny - 2016-11-22
FS#326 - restricted setting ignored in 3.7
Due to a typo in the conf file parser (introduced, I think, in refactoring after 3.6), the restricted setting is ignored, and access checks aren’t performed.
Fixing this reveals some other issues:
%INSTALLDIR%/../../etcis incompletely canonicalized to/usr/local/share/../etc, not/usr/local/etcread+writepaths are added to the read list only, so writing is impossible
See attached patch.
Relatedly, I think it would be nice to add a new replacement token %CONFDIR% instead of %INSTALLDIR%/../../etc.
Also, there’s a realpath function that could simplify path handling, though I’m not sure if it’s available on all platforms.
restricted.patch
(1.7 KiB)
Now tracked on github as issue #158.