On Mon, 16 Jun 2008 15:40:54 +0200, Sven wrote in message
<[EMAIL PROTECTED]>:
> Melchior FRANZ wrote:
> > * Melchior FRANZ -- Monday 16 June 2008:
> >
> >> At least for now we should be reasonably safe from evil people
> >> and have time to find better solutions.
> >>
> >
> > BTW: Why the sudden paranoia? Not that we should have waited
> > much longer for some security enhancements in any case, but the
> > fact that there seem now to be web sites with random fgfs addons
> > to download made me feel a bit uncomfortable. It was all too easy
> > to cause quite some damage, and not everyone reviews the fgfs
> > stuff he installs. Of course, it would be better to keep the
> > official repositories as the central place for all sorts of
> > scenery and aircraft addons, and not to rely on any outside
> > source. And to review the stuff before committing. :-)
> >
> > m.
> >
> A little paranoia now and then can only be healthy ;)
>
> But as you said, you could use colons or commas for the list of
> files, like --prop:io-read=/myDir,/tmp,/dev/null
> or some other separator, like : or ;.Colon (":") is a bad idea as it
> would mess with windows paths that involves a drive:, you could use
> semi-colon (;) but that would require escaping on linux, if you don't
> do it like
> --prop:io-read="/myDir;/tmp;/dev/null;c:\windows\system32\sam".
..it's also possible to do our own thing, e.g. "::" (2 colons):
--prop:io-read="/myDir::/tmp::/dev/null::c:\windows\system32\sam"
or say ":&&" (a ":" plus 2 "&"'s, unless it breaks something) like:
--prop:io-read="/myDir:&&/tmp:&&/dev/null:&&c:\windows\system32\sam"
building our own separator from more than one character, or even
use one or more utf-8, e.g. the Norwedian letter "å" ("a-ring")
is pronounced "awe" just like the Norwegian "og" which btw means
"and" in English, e.g.:
--prop:io-read="/myDir:å:/tmp:å:/dev/null:å:c:\windows\system32\sam",
I'm not aware of anyone using "å:" as a Microsoft drive name. ;o)
> About the tree, you could use it like you saied, but that would be a
> hell to write, but I guess that would be a good solution otherwise...
> but parsing the line from above would also be doable, but I guess
> your tree names are more "mainstream" :P
>
> But can't you just restrict the io to a single directory and then let
> the users install their extensions there? or just export the entire
> FG_ROOT?
>
> But is this really needed? How does M$ flightsim extensions do? You
> have to trust the source somewhat, We could sneak in bad code in fgfs
> too, and ppl would run it anyway... Can the addoncreators be trustet
> as much as "we" can?
>
> Comments?
--
..med vennlig hilsen = with Kind Regards from Arnt... ;o)
...with a number of polar bear hunters in his ancestry...
Scenarios always come in sets of three:
best case, worst case, and just in case.
-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php
_______________________________________________
Flightgear-devel mailing list
Flightgear-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/flightgear-devel
