Nasal: move IOrules check to better place and exit on failure.
parent
bb38e59ba2
commit
0b9e72eb87
3 changed files with 62 additions and 24 deletions
|
@ -882,29 +882,6 @@ void fgPostInitSubsystems()
|
|||
nasal->init();
|
||||
SG_LOG(SG_GENERAL, SG_INFO, "Nasal init took:" << st.elapsedMSec());
|
||||
|
||||
// Ensure IOrules and path validation are working properly by trying to
|
||||
// access a folder/file which should never be accessible.
|
||||
const char* no_access_path =
|
||||
#ifdef _WIN32
|
||||
"Z:"
|
||||
#endif
|
||||
"/do-not-access";
|
||||
|
||||
if( fgValidatePath(no_access_path, true) )
|
||||
SG_LOG
|
||||
(
|
||||
SG_GENERAL,
|
||||
SG_ALERT,
|
||||
"Check your IOrules! (write to '" << no_access_path << "' is allowed)"
|
||||
);
|
||||
if( fgValidatePath(no_access_path, false) )
|
||||
SG_LOG
|
||||
(
|
||||
SG_GENERAL,
|
||||
SG_ALERT,
|
||||
"Check your IOrules! (read from '" << no_access_path << "' is allowed)"
|
||||
);
|
||||
|
||||
// initialize methods that depend on other subsystems.
|
||||
st.stamp();
|
||||
globals->get_subsystem_mgr()->postinit();
|
||||
|
|
|
@ -855,6 +855,12 @@ void FGNasalSys::init()
|
|||
signal->setBoolValue(s, true);
|
||||
signal->removeChildren(s);
|
||||
|
||||
if( !checkIOrules() )
|
||||
{
|
||||
SG_LOG(SG_NASAL, SG_ALERT, "Required IOrules check failed.");
|
||||
exit(-1);
|
||||
}
|
||||
|
||||
// Pull scripts out of the property tree, too
|
||||
loadPropertyScripts();
|
||||
|
||||
|
@ -1284,6 +1290,47 @@ void FGNasalSys::gcRelease(int key)
|
|||
naGCRelease(key);
|
||||
}
|
||||
|
||||
//------------------------------------------------------------------------------
|
||||
bool FGNasalSys::checkIOrules()
|
||||
{
|
||||
// Ensure IOrules and path validation are working properly by trying to
|
||||
// access a folder/file which should never be accessible.
|
||||
const char* no_access_path =
|
||||
#ifdef _WIN32
|
||||
"Z:"
|
||||
#endif
|
||||
"/do-not-access";
|
||||
|
||||
bool success = true;
|
||||
|
||||
// write access
|
||||
if( fgValidatePath(no_access_path, true) )
|
||||
{
|
||||
success = false;
|
||||
SG_LOG
|
||||
(
|
||||
SG_GENERAL,
|
||||
SG_ALERT,
|
||||
"Check your IOrules! (write to '" << no_access_path << "' is allowed)"
|
||||
);
|
||||
}
|
||||
|
||||
// read access
|
||||
if( fgValidatePath(no_access_path, false) )
|
||||
{
|
||||
success = false;
|
||||
SG_LOG
|
||||
(
|
||||
SG_GENERAL,
|
||||
SG_ALERT,
|
||||
"Check your IOrules! (read from '" << no_access_path << "' is allowed)"
|
||||
);
|
||||
}
|
||||
|
||||
return success;
|
||||
}
|
||||
|
||||
//------------------------------------------------------------------------------
|
||||
void FGNasalSys::NasalTimer::timerExpired()
|
||||
{
|
||||
nasal->handleTimer(this);
|
||||
|
|
|
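Review bot: The `checkIOrules()` call added in `FGNasalSys::init()` sits after the `signal->removeChildren(s)` line and only ahead of `loadPropertyScripts()`, so any Nasal script that init() loads earlier in its body (which starts outside this hunk) would already have run before this fail-closed check; if that is the case, the call belongs before the first script is loaded. The check probes a single canary path, so it shows that `fgValidatePath()` can deny at all, not that the rule set is tight; a call-site comment such as `// Sanity check only: proves the validator can deny, not that IOrules are restrictive enough` would stop readers over-trusting it. `exit(-1)` is reported as status 255 on POSIX and leaves from the middle of subsystem init, so `exit(EXIT_FAILURE)` or the project's own fatal-exit path, if it has one, would be cleaner. The two alerts inside `checkIOrules()` log under `SG_GENERAL` while the caller uses `SG_NASAL`; using `SG_NASAL` for all three keeps the failure in one log class.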
@ -129,6 +129,20 @@ public:
|
|||
int gcSave(naRef r);
|
||||
void gcRelease(int key);
|
||||
|
||||
/**
|
||||
* Check if IOrules correctly work to limit access from Nasal scripts to the
|
||||
* file system.
|
||||
*
|
||||
* @note Just a simple test is performed to check if access to a path is
|
||||
* possible which should never be possible (The actual path refers to
|
||||
* a file/folder named 'do-not-access' in the file system root).
|
||||
*
|
||||
* @see http://wiki.flightgear.org/IOrules
|
||||
*
|
||||
* @return Whether the check was successful.
|
||||
*/
|
||||
bool checkIOrules();
|
||||
|
||||
/// retrive the associated log object, for displaying log
|
||||
/// output somewhere (a UI, presumably)
|
||||
simgear::BufferedLogCallback* log() const
|
||||
|
|
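Review bot: `@return Whether the check was successful.` does not say which outcome counts as success, and for a security self-test that is the part a caller must not misread. Going by the definition on this page, `true` means both the write and the read probe were denied, so I would word it as `@return true if access to the probe path was denied for both reading and writing, false if IOrules allowed either`. The declaration also lands under `public:` although the only caller visible here is `FGNasalSys::init()` and the definition reads no member state, so it could be private (and static) unless code outside this page needs it.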