On 18/03/15 21:32, Markus Wanner wrote:
> On 03/18/2015 09:09 PM, Adam D. Barratt wrote:
>>> + write_allowed_paths.push_back("/tmp/*.xml");
>> Is that really intended? (Both the hardcoding of /tmp/ rather than using
>> something respecting TMPDIR and being allowed to write any ".xml" there.)
> It certainly matches Nasal/IOrules in flightgear-data,

Yes, the allowed-paths list is intentionally identical to the (post-#780716-fix) Nasal/IOrules: the purpose of this patch is to move the checking process to somewhere scripts can't disable.

> I'm not quite sure what Nasal scripts need to write temporary XML files.

I'm not aware of any that do, but haven't specifically looked.

Is untrusted scripts being able to write (not read) /tmp/*.xml a security or other RC bug (which would require a new upload of flightgear _and_ flightgear-data with the obvious fixes), or just not a good idea?
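As an added illustration of the two points raised in the thread (the hardcoded /tmp/ versus something that respects TMPDIR, and keeping the allow-list check in C++ where a script cannot turn it off), here is a small stand-alone example. It is not FlightGear's code and does not use FlightGear's names: `tmpDir`, `writeAllowedPatterns`, `isCleanAbsolutePath` and `writeAllowed` are hypothetical helpers, and the single pattern entry is constructed for the example. The check is lexical (it rejects relative paths and any ".." component) because a file about to be written may not exist yet, so realpath() cannot be relied on.

```cpp
#include <cstdlib>
#include <fnmatch.h>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// Hypothetical helper: the temp directory comes from TMPDIR, falling back
// to /tmp only when the variable is unset or empty. Trailing slashes are
// trimmed so the glob below always has exactly one separator.
std::string tmpDir() {
    const char* t = std::getenv("TMPDIR");
    std::string d = (t && *t) ? t : "/tmp";
    while (d.size() > 1 && d.back() == '/') d.pop_back();
    return d;
}

// Hypothetical replacement for a hardcoded "/tmp/*.xml" entry (constructed
// example; the real allow-list would hold more patterns).
std::vector<std::string> writeAllowedPatterns() {
    std::vector<std::string> p;
    p.push_back(tmpDir() + "/*.xml");
    return p;
}

// Lexical sanity check: absolute path, no ".." components. Done before
// matching so a pattern can never be satisfied by a traversal path.
bool isCleanAbsolutePath(const std::string& path) {
    if (path.empty() || path[0] != '/') return false;
    std::stringstream ss(path);
    std::string part;
    while (std::getline(ss, part, '/')) {
        if (part == "..") return false;
    }
    return true;
}

// The check a script cannot disable: it lives in the host, not in Nasal.
// FNM_PATHNAME keeps '*' from matching '/', so "<tmp>/*.xml" covers files
// directly in the temp directory and not any subdirectory below it.
bool writeAllowed(const std::string& path) {
    if (!isCleanAbsolutePath(path)) return false;
    for (const std::string& pat : writeAllowedPatterns()) {
        if (fnmatch(pat.c_str(), path.c_str(), FNM_PATHNAME) == 0) return true;
    }
    return false;
}

int main() {
    const char* probes[] = {
        "/tmp/state.xml",          // allowed when TMPDIR is unset
        "/tmp/sub/state.xml",      // subdirectory: denied
        "/tmp/../etc/state.xml",   // traversal: denied
        "/tmp/notes.txt",          // wrong extension: denied
    };
    for (const char* p : probes)
        std::cout << p << " -> " << (writeAllowed(p) ? "allow" : "deny") << "\n";
    return 0;
}
```

Pointing TMPDIR elsewhere moves the allowed directory with it, which is what the "respecting TMPDIR" comment in the thread asks for; whether untrusted scripts should be allowed to write any .xml there at all is the policy question the thread leaves open, and this example does not answer it.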