POV-Ray

The Persistence of Vision Raytracer (POV-Ray).

This is the legacy Bug Tracking System for the POV-Ray project. Bugs listed here are being migrated to our github issue tracker. Please refer to that for new reports or updates to existing ones on this system.

Tasklist

FS#326 - restricted setting ignored in 3.7

Attached to Project: POV-Ray
Opened by Andrey Zholos (aaz) - Tuesday, 22 July 2014, 15:10 GMT
Last edited by William F Pokorny (wfpokorny) - Tuesday, 22 November 2016, 19:19 GMT
Task Type Definite Bug
Category Frontend → Other
Status Tracked on GitHub
Assigned To No-one
Operating System BSD
Severity Low
Priority Normal
Reported Version 3.70 release
Due in Version Undecided
Due Date Undecided
Percent Complete 0%
Votes 0
Private No

Details

Due to a typo in the conf file parser (introduced, I think, in refactoring after 3.6), the restricted setting is ignored, and access checks aren’t performed.

Fixing this reveals some other issues:

  • %INSTALLDIR%/../../etc is incompletely canonicalized to /usr/local/share/../etc, not /usr/local/etc
  • read+write paths are added to the read list only, so writing is impossible

See attached patch.

Relatedly, I think it would be nice to add a new replacement token %CONFDIR% instead of %INSTALLDIR%/../../etc.

Also, there’s a realpath function that could simplify path handling, though I’m not sure if it’s available on all platforms.

This task depends upon

Comment by William F Pokorny (wfpokorny) - Tuesday, 22 November 2016, 19:19 GMT
  • Field changed: Status (Unconfirmed → Tracked on GitHub)

Now tracked on github as issue #158.

Loading...