From 0b9e72eb872a5ab6e7393e9f69e2cb0fb8b77e37 Mon Sep 17 00:00:00 2001
From: Thomas Geymayer
Date: Fri, 19 Sep 2014 18:21:42 +0200
Subject: [PATCH] Nasal: move IOrules check to better place and exit on failure.
---
 src/Main/fg_init.cxx | 23 -------------------
 src/Scripting/NasalSys.cxx | 47 ++++++++++++++++++++++++++++++++++++++
 src/Scripting/NasalSys.hxx | 16 ++++++++++++-
 3 files changed, 62 insertions(+), 24 deletions(-)
diff --git a/src/Main/fg_init.cxx b/src/Main/fg_init.cxx
index 8efcb805d..2143f67f5 100644
--- a/src/Main/fg_init.cxx
+++ b/src/Main/fg_init.cxx
@@ -882,29 +882,6 @@ void fgPostInitSubsystems()
 nasal->init();
 SG_LOG(SG_GENERAL, SG_INFO, "Nasal init took:" << st.elapsedMSec());
 
- // Ensure IOrules and path validation are working properly by trying to
- // access a folder/file which should never be accessible.
- const char* no_access_path =
-#ifdef _WIN32
- "Z:"
-#endif
- "/do-not-access";
-
- if( fgValidatePath(no_access_path, true) )
- SG_LOG
- (
- SG_GENERAL,
- SG_ALERT,
- "Check your IOrules! (write to '" << no_access_path << "' is allowed)"
- );
- if( fgValidatePath(no_access_path, false) )
- SG_LOG
- (
- SG_GENERAL,
- SG_ALERT,
- "Check your IOrules! (read from '" << no_access_path << "' is allowed)"
- );
-
 // initialize methods that depend on other subsystems.
 st.stamp();
 globals->get_subsystem_mgr()->postinit();
diff --git a/src/Scripting/NasalSys.cxx b/src/Scripting/NasalSys.cxx
index 75c49fbcf..a991ece66 100644
--- a/src/Scripting/NasalSys.cxx
+++ b/src/Scripting/NasalSys.cxx
@@ -855,6 +855,12 @@ void FGNasalSys::init()
 signal->setBoolValue(s, true);
 signal->removeChildren(s);
 
+ if( !checkIOrules() )
+ {
+ SG_LOG(SG_NASAL, SG_ALERT, "Required IOrules check failed.");
+ exit(-1);
+ }
+
 // Pull scripts out of the property tree, too
 loadPropertyScripts();
 
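Review bot: The new `checkIOrules()` gate in `FGNasalSys::init()` runs only just before `loadPropertyScripts()`, and the context comment `// Pull scripts out of the property tree, too` suggests that other Nasal scripts have already been loaded earlier in the function, which lies outside this hunk. If that is the case, a broken rule set is detected only after some script code has already run with whatever file access it allowed, so the check would be better placed before the first script load. Wherever it ends up, a comment such as `// Fail closed: do not run scripts if path validation is not enforcing IOrules.` would record the intent. Separately, `exit(-1)` is reported as status 255 on POSIX; `exit(EXIT_FAILURE)` states the intent more plainly.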
@@ -1284,6 +1290,47 @@ void FGNasalSys::gcRelease(int key)
 naGCRelease(key);
 }
 
+//------------------------------------------------------------------------------
+bool FGNasalSys::checkIOrules()
+{
+ // Ensure IOrules and path validation are working properly by trying to
+ // access a folder/file which should never be accessible.
+ const char* no_access_path =
+#ifdef _WIN32
+ "Z:"
+#endif
+ "/do-not-access";
+
+ bool success = true;
+
+ // write access
+ if( fgValidatePath(no_access_path, true) )
+ {
+ success = false;
+ SG_LOG
+ (
+ SG_GENERAL,
+ SG_ALERT,
+ "Check your IOrules! (write to '" << no_access_path << "' is allowed)"
+ );
+ }
+
+ // read access
+ if( fgValidatePath(no_access_path, false) )
+ {
+ success = false;
+ SG_LOG
+ (
+ SG_GENERAL,
+ SG_ALERT,
+ "Check your IOrules! (read from '" << no_access_path << "' is allowed)"
+ );
+ }
+
+ return success;
+}
+
+//------------------------------------------------------------------------------
 void FGNasalSys::NasalTimer::timerExpired()
 {
 nasal->handleTimer(this);
diff --git a/src/Scripting/NasalSys.hxx b/src/Scripting/NasalSys.hxx
index e487a48eb..096a591be 100644
--- a/src/Scripting/NasalSys.hxx
+++ b/src/Scripting/NasalSys.hxx
@@ -128,7 +128,21 @@ public:
 // when done.
 int gcSave(naRef r);
 void gcRelease(int key);
-
+
+ /**
+ * Check if IOrules correctly work to limit access from Nasal scripts to the
+ * file system.
+ *
+ * @note Just a simple test is performed to check if access to a path is
+ * possible which should never be possible (The actual path refers to
+ * a file/folder named 'do-not-access' in the file system root).
+ *
+ * @see http://wiki.flightgear.org/IOrules
+ *
+ * @return Whether the check was successful.
+ */
+ bool checkIOrules();
+
 /// retrive the associated log object, for displaying log
 /// output somewhere (a UI, presumably)
 simgear::BufferedLogCallback* log() const
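Review bot: `FGNasalSys::checkIOrules()` in NasalSys.cxx logs its two failure messages on `SG_GENERAL`, while the caller in `init()` reports the same failure on `SG_NASAL`; using `SG_NASAL` in both places keeps the alerts together for anyone filtering the log by channel. The probe also tests a single hard-coded path, so a pass only shows that `/do-not-access` (with `Z:` prefixed on Windows) is denied, not that the rule set is restrictive elsewhere. A comment in the function such as `// Smoke test only: a pass does not prove the rules are restrictive for other paths.` would keep later readers from over-trusting the result.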
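Review bot: The `@return Whether the check was successful.` line on `checkIOrules()` in NasalSys.hxx leaves open what success means, because the function succeeds precisely when access is refused. I would write `@return true if both read and write access to the test path were denied, false otherwise.` The doc comment could also mention that `FGNasalSys::init()` terminates the process when this returns false, as the NasalSys.cxx part of this commit does.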