Re: [Flightgear-devel] Terrasync mirror short on disk space
How much data/trafic are we talking about? I might be able to host something... /Sven AnMaster wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hello everyone, Sadly I'm unsure how long I will be able to keep my terrasync mirror up, atm I'm dropping mirroring of 0.9.10 scenery due to disk space (only keeping 1.0.0 scenery). I see that on the other hand Curt's server only mirrors Scenery-0.9.8 and Scenery-0.9.10. Confusing. In any case I have to stop mirroring more than just one scenery version right now (don't have time to wait for opinions on what one, sorry), and have thus selected 1.0 scenery. Regards, Arvid Norlander -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) iEYEAREKAAYFAkhk01cACgkQWmK6ng/aMNnMJACfUOzXV43UvHW8g06ELusjMzf2 TSEAnir3VLqNa4tGYuyZ8ece7wXLF9wv =X50h -END PGP SIGNATURE- - Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php ___ Flightgear-devel mailing list Flightgear-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/flightgear-devel - Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php ___ Flightgear-devel mailing list Flightgear-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/flightgear-devel
Re: [Flightgear-devel] [SECURITY] Nasal: io.open() restricted
You could however limit every io.open to only have write access to a single directory as stated before, not allowing more sources...? Then you could skip the .xml extention checks? As this would disable any modification outside the predefined directory. It could be set to something like FG_ROOT\storage or something? But I think I might have missed what the problem is here... I read that it was something with prop-tree and networking... Limiting writes to some directories would limit the damage that could result, but itsn't it better to try to limit what the io can do when it's invoked from a network context? But then there was some references to whatever you could trust downloaded models, but you shouldn't download models if you don't trust the source...? /Sven Melchior FRANZ wrote: * Melchior FRANZ -- Monday 16 June 2008: * Erik Hofman -- Monday 16 June 2008: (What are the reasons to write to a file anyway?) Writing non-PropertyList XML files, like they are used in the traffic manager and for flight plans. Writing *.stg files (adding models or adjusting elevations for the current terrain). Writing an *.svg file with a graphic showing the flight path, or flight parameters. Or a smilie. Writing or modifying a PostScript file, for example to hand out to children on LinuxTag or flight shows, with flight time and duration automatically filled in. You could move that straight to the printer. (Caution: an attacker could empty your toner cartridge with that! ;-) Writing a TeX file with a table showing flight parameters, fuel consumption, whatever. None of this crucial, and all of it doable with external scripts from XML exported data. But the possibility to do it with Nasal drivers from within is nice. And something that other flight sims might not be able to do. Maybe something that our corporate users would like to do. They'll probably not download questionable aircraft from 3rd party sources. :-) m. - Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php ___ Flightgear-devel mailing list Flightgear-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/flightgear-devel - Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php ___ Flightgear-devel mailing list Flightgear-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/flightgear-devel
Re: [Flightgear-devel] [SECURITY] Nasal: io.open() restricted
Ehlo ppl ;) Can't you just restrict the io to the $FG_HOME dir or something? And if the user (I doubt that John Doe needs this...) requires permissions some where else then he/she could tell fgfs that with a cmd line argument? like --io-read=/myDir --io-read=/tmp --io-write=/etc/passwd ? /Sven Melchior FRANZ wrote: * Melchior FRANZ -- Monday 16 June 2008: people who don't have write permission for $FG_HOME/Nasal/io.nas err ... $FG_ROOT/Nasal/io.nas READ ALLOW $FG_ROOT/* [...] This can be overridden with a file $FG_HOME/Nasal/IOrules that is either empty, or contains these rules: READ DENY * WRITE DENY * err ... it can be overridden with any rules. The important point is that a local file doesn't add to the global rules, but replace them. And an empty file or one with READ DENY *\nWRITE DENY * is the most restrictive you can have. m. - Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php ___ Flightgear-devel mailing list Flightgear-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/flightgear-devel - Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php ___ Flightgear-devel mailing list Flightgear-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/flightgear-devel
Re: [Flightgear-devel] [SECURITY] Nasal: io.open() restricted
Melchior FRANZ wrote: * Melchior FRANZ -- Monday 16 June 2008: At least for now we should be reasonably safe from evil people and have time to find better solutions. BTW: Why the sudden paranoia? Not that we should have waited much longer for some security enhancements in any case, but the fact that there seem now to be web sites with random fgfs addons to download made me feel a bit uncomfortable. It was all too easy to cause quite some damage, and not everyone reviews the fgfs stuff he installs. Of course, it would be better to keep the official repositories as the central place for all sorts of scenery and aircraft addons, and not to rely on any outside source. And to review the stuff before committing. :-) m. A little paranoia now and then can only be healthy ;) But as you said, you could use colons or commas for the list of files, like --prop:io-read=/myDir,/tmp,/dev/null or some other separator, like : or ;.Colon (:) is a bad idea as it would mess with windows paths that involves a drive:, you could use semi-colon (;) but that would require escaping on linux, if you don't do it like --prop:io-read=/myDir;/tmp;/dev/null;c:\windows\system32\sam. About the tree, you could use it like you saied, but that would be a hell to write, but I guess that would be a good solution otherwise... but parsing the line from above would also be doable, but I guess your tree names are more mainstream :P But can't you just restrict the io to a single directory and then let the users install their extensions there? or just export the entire FG_ROOT? But is this really needed? How does M$ flightsim extensions do? You have to trust the source somewhat, We could sneak in bad code in fgfs too, and ppl would run it anyway... Can the addoncreators be trustet as much as we can? Comments? - Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php ___ Flightgear-devel mailing list Flightgear-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/flightgear-devel - Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php ___ Flightgear-devel mailing list Flightgear-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/flightgear-devel
Re: [Flightgear-devel] Patch for the webpage JS menu
I don't run emacs (read, don't have it..:P) Any other diff you'd like instead? the output of the submit program? Curtis Olson wrote: Hi Sven, Sorry for the slow reply. I like to copies of the whole file when possible ... especially for something like this ... I like to run emacs ediff so I can examine the two versions side by side. Best regards, Curt. 2008/2/27 Sven Almgren [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]: from cvs diff -uN in the www module This diff will also add a href links to menu items, enabling users to open new tabs/windows from the menu items Also, how do you want your patches? (I did cvs diff in the www root...) /Sven - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ Flightgear-devel mailing list Flightgear-devel@lists.sourceforge.net mailto:Flightgear-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/flightgear-devel -- Curtis Olson: http://baron.flightgear.org/~curt/ http://baron.flightgear.org/%7Ecurt/ - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ Flightgear-devel mailing list Flightgear-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/flightgear-devel - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ Flightgear-devel mailing list Flightgear-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/flightgear-devel
Re: [Flightgear-devel] Patch for Saitek Pro-Flight-Rudder-Pedals under Windows XP
Sorry ^^ The other axis where more like mac+windows != linux,,, but the missing axis in windows is probably a bug, first time i fixed it was by just copying the whole section for rudder and changed n=2 to n=3... but that wasn't such a nice solution =/ hope they dont fix the problem in the windows driver,,, otherwise my first fix (the one not sent here) would work better... /Sven On Fri, 2008-02-29 at 00:04 +0900, Tatsuhiro Nishioka wrote: Hi, On Feb 28, 2008, at 2:51 AM, Sven Almgren wrote: Saitek Pro-Flight-Rudder-Pedals's name differs in windows from linux, and the axis for the rudder is 3, not 2... assumes Mac uses same channel as windows, but could be wrong... linux is set to channel 2, and windows and mac is set to 3 Good try, but unfortunately your assumptions is not true. :-p Mac assigns axis 2 for rudder, not 3. I fixed and committed it. Pedal name on Mac is the same as the one you added. Thanks, Tat - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ Flightgear-devel mailing list Flightgear-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/flightgear-devel - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ Flightgear-devel mailing list Flightgear-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/flightgear-devel
[Flightgear-devel] Patch for the webpage JS menu
from cvs diff -uN in the www module
This diff will also add a href links to menu items, enabling users to
open new tabs/windows from the menu items
Also, how do you want your patches? (I did cvs diff in the www root...)
/Sven
Index: JSZenMenu.js
===
RCS file: /var/cvs/FlightGear-0.9/www/JSZenMenu.js,v
retrieving revision 1.2
diff -u -r1.2 JSZenMenu.js
--- JSZenMenu.js 31 Dec 2007 16:22:57 - 1.2
+++ JSZenMenu.js 27 Feb 2008 10:33:04 -
@@ -52,7 +52,10 @@
tmpArr=new Array(img src=\+root+th+/+m.a[i].img+\,m.a[i].v,img src=\+root+th+/+m.a[i].i2+\);
if(or==0) m.a[i].o=0;
var clic = ;
- if(m.a[i].l!=#)clic= --- ;
+ if(m.a[i].l!=#){
+clic= --- ;
+tmpArr[1]='a href='+m.a[i].l+'' + tmpArr[1] + '/a';
+ }
sstr+=s2+tr id=\+m.a[i].Id+n+\ class=\+th+\ ::: +clic+ ;
if(m.a[i].a!=null){
if(or==0)
@@ -210,7 +213,11 @@
gen(m,th,name,orient,root);
if (m.a!=null){
var obj=getObj(id);
- obj.innerHTML=sstr.replace(/---/g, onClick=\hidems(+name+,'+th+',this.id,'+name+');\ ).replace(/:::/g, onMouseOver=\playMenu(+name+,this.id,'+th+','+name+');\ );
+ var str = sstr;
+ str=str.replace(/---/g, onClick=\hidems(+name+,'+th+',this.id,'+name+');\ );
+ str=str.replace(/:::/g, onMouseOver=\playMenu(+name+,this.id,'+th+','+name+');\ );
+ obj.innerHTML=str;
+ //obj.innerHTML=sstr.replace(/---/g, onClick=\hidems(+name+,'+th+',this.id,'+name+');\ ).replace(/:::/g, onMouseOver=\playMenu(+name+,this.id,'+th+','+name+');\ );
getObj(p+m.a[0].Id+name).style.visibility='visible';
if(pos==null)pos='static';
getObj(p+m.a[0].Id+name).style.position=pos;
Index: ZMFGTheme/theme.css
===
RCS file: /var/cvs/FlightGear-0.9/www/ZMFGTheme/theme.css,v
retrieving revision 1.1
diff -u -r1.1 theme.css
--- ZMFGTheme/theme.css 21 Dec 2007 19:16:35 - 1.1
+++ ZMFGTheme/theme.css 27 Feb 2008 10:33:04 -
@@ -9,7 +9,7 @@
}
/* submenu text items */
-.ZMFGThemeTABLE, .ZMFGThemeTABLEV, .ZMFGThemeTABLEH, .ZMFGThemeTD {
+.ZMFGThemeTABLE, .ZMFGThemeTABLEV, .ZMFGThemeTABLEH, .ZMFGThemeTD, .ZMFGThemeTABLE a {
font-family:Verdana, Arial, Helvetica, sans-serif;
font-size:13px;
font-weight:bold;
-
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/___
Flightgear-devel mailing list
Flightgear-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/flightgear-devel
[Flightgear-devel] Patch for Saitek Pro-Flight-Rudder-Pedals under Windows XP
Saitek Pro-Flight-Rudder-Pedals's name differs in windows from linux, and the axis for the rudder is 3, not 2... assumes Mac uses same channel as windows, but could be wrong... linux is set to channel 2, and windows and mac is set to 3 I include both the bziped and the plain file, not sure if I have to use bz as diffs are small (used ../../../../source/scripts/tools/fg-submit to create it) ? Saitek.diff Index: Pro-Flight-Rudder-Pedals.xml === RCS file: /var/cvs/FlightGear-0.9/data/Input/Joysticks/Saitek/Pro-Flight-Rudder-Pedals.xml,v retrieving revision 1.1 diff -u -p -r1.1 Pro-Flight-Rudder-Pedals.xml --- Pro-Flight-Rudder-Pedals.xml 16 Jan 2007 00:45:56 - 1.1 +++ Pro-Flight-Rudder-Pedals.xml 27 Feb 2008 17:44:05 - @@ -16,6 +16,7 @@ $Id: Pro-Flight-Rudder-Pedals.xml,v 1.1 PropertyList + nameSaitek Pro Flight Rudder Pedals/name nameSaitek Saitek Pro Flight Rudder Pedals/name axis n=0 @@ -39,6 +40,11 @@ $Id: Pro-Flight-Rudder-Pedals.xml,v 1.1 /axis axis n=2 + number + windows3/windows + mac3/mac + linux2/linux + /number descRudder/desc binding commandproperty-scale/command Saitek.diff.bz2 Description: application/bzip - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/___ Flightgear-devel mailing list Flightgear-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/flightgear-devel
