I've locked the system further down. If people desire, then we
can disable any file access by default. At the moment writing
should only be possible with pattern ~/.fgfs/Export/* and
~/.fgfs/Scenery/*.stg.
m.
-
Check out the
* Melchior FRANZ -- Monday 16 June 2008:
I've locked the system further down.
var read_rules = [
[root ~ /*, 1],
[home ~ /*, 1],
];
var write_rules = [
[home ~ /Scenery/*.stg, 1],
[home ~ /Export/*, 1],
];
The 1 means ALLOW, whereas 0 would mean
Hi,
Ups- I didn't want to send it to devel-list, but it seems the list is working
again, so no problem! ;-)
For those who aren't fit in german: I noticed that the livery handling over mp
isn't working as expected. I can't see any change in livery or over home
network.
I know that
The rules are now read from $FG_ROOT/Nasal/IOrules or, if
available, $FG_HOME/Nasal/IOrules. That way people who don't
have write permission for $FG_HOME/Nasal/io.nas can still
extend and modify the rules. The default is:
READ ALLOW $FG_ROOT/*
READ ALLOW $FG_HOME/*
WRITE ALLOW
Ehlo ppl ;)
Can't you just restrict the io to the $FG_HOME dir or something? And if
the user (I doubt that John Doe needs this...) requires permissions some
where else then he/she could tell fgfs that with a cmd line argument?
like --io-read=/myDir --io-read=/tmp --io-write=/etc/passwd ?
* Sven Almgren -- Monday 16 June 2008:
Can't you just restrict the io to the $FG_HOME dir or something?
Sure:
READ ALLOW $FG_HOME/*
WRITE ALLOW $FG_HOME/*
like --io-read=/myDir --io-read=/tmp --io-write=/etc/passwd ?
Any of the options overwrites a previous one with the same name,
so
* Melchior FRANZ -- Monday 16 June 2008:
At least for now we should be reasonably safe from evil people
and have time to find better solutions.
BTW: Why the sudden paranoia? Not that we should have waited
much longer for some security enhancements in any case, but the
fact that there seem now
Melchior FRANZ wrote:
* Melchior FRANZ -- Monday 16 June 2008:
At least for now we should be reasonably safe from evil people
and have time to find better solutions.
BTW: Why the sudden paranoia? Not that we should have waited
much longer for some security enhancements in any case,
On Mon, 16 Jun 2008 15:40:54 +0200, Sven wrote in message
[EMAIL PROTECTED]:
Melchior FRANZ wrote:
* Melchior FRANZ -- Monday 16 June 2008:
At least for now we should be reasonably safe from evil people
and have time to find better solutions.
BTW: Why the sudden paranoia?
* Melchior FRANZ -- Monday 16 June 2008:
I know that bo105/plib are only correctly shown in fg/plib, and
bo105/osg only in fg/osg.
bo105/plib should now show up correctly in fg/osg (with random
variant and special emblem). bo105/osg are not shown correctly
in fg/plib, and probably never will.
On Fri, 2008-06-13 at 14:14 +0200, Holger Wirtz wrote:
Hi,
sorry, this is perhaps a little bit off topic but I haven't found any
answers the last days:
How can I start up at a specific position in air?
I found some hints at
http://wiki.flightgear.org/index.php/Starting_in_the_Air but if
Melchior FRANZ wrote:
It's well known that Nasal has an io module with wrappers around
fopen(), fclose(), etc. An aircraft that you install, or even
scenery objects with embedded Nasal could in the past use this
to delete the contents of your whole home directory, or to append
commands to
Melchior FRANZ wrote:
* Sven Almgren -- Monday 16 June 2008:
like --io-read=/myDir --io-read=/tmp --io-write=/etc/passwd ?
One could, of course, use this instead:
--prop:io-read=/myDir --prop:io-read[1]=/tmp ...
I don't consider any command line option a security thread since writing
to
It's funny that nobody cared a year long, and now that the danger
is supposed to be banned, people get scared and nervous. :-}
* Erik Hofman -- Monday 16 June 2008:
(What are the reasons to write to a file anyway?)
Writing non-PropertyList XML files, like they are used in the
traffic manager
Sven Almgren wrote:
But is this really needed? How does M$ flightsim extensions do? You
have to trust the source somewhat, We could sneak in bad code in
fgfs too, and ppl would run it anyway... Can the addoncreators be
trustet as much as we can?
Sure. FlightGear is a local program, and
* Melchior FRANZ -- Monday 16 June 2008:
Writing non-PropertyList XML files, like they are used in the
traffic manager and for flight plans.
Correction: not for flight plans -- these are PropertyLists. But
for the other stuff like parking files etc.
The power of a system isn't defined by what
Melchior FRANZ wrote:
It's funny that nobody cared a year long, and now that the danger
is supposed to be banned, people get scared and nervous. :-}
I don't, I just though I could help here.
Erik
-
Check out the new
Melchior FRANZ wrote:
* Erik Hofman -- Monday 16 June 2008:
(What are the reasons to write to a file anyway?)
Writing non-PropertyList XML files, like they are used in the
traffic manager and for flight plans.
Maybe making sure the file ends with .xml could also help a lot.
Erik
* Erik Hofman -- Monday 16 June 2008:
Maybe making sure the file ends with .xml could also help a lot.
io.nas:113: writexml()
if(substr(path, -4) != .xml)
path ~= .xml;
fg_commands.cxx:1365: do_save_xml_from_proptree()
if (file.extension() != xml)
* Melchior FRANZ -- Monday 16 June 2008:
* Erik Hofman -- Monday 16 June 2008:
(What are the reasons to write to a file anyway?)
Writing non-PropertyList XML files, like they are used in the
traffic manager and for flight plans.
Writing *.stg files (adding models or adjusting elevations
On Mon, 2008-06-16 at 21:20 -0430, Ernesto Hernandez-Novich wrote:
What happened to http://www.terragear.org? Where can I get the latest
TerraGear?
Terragear.org is still there for me... There has been a server problem
that is mostly resolved at this point. Look at the page
21 matches
Mail list logo