From 16784d590a315e876a7b18076569620640ffbdf6 Mon Sep 17 00:00:00 2001 From: "Rebecca N. Palmer" <rebecca_palmer@zoho.com> Date: Fri, 13 Mar 2015 18:11:29 +0000 Subject: [PATCH] Document that property write-protection is not a security measure (Nasal can remove it) --- src/Main/fg_init.cxx | 7 +++++-- src/Main/globals.cxx | 3 ++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/src/Main/fg_init.cxx b/src/Main/fg_init.cxx index cfb31f25b..9604f2a59 100644 --- a/src/Main/fg_init.cxx +++ b/src/Main/fg_init.cxx @@ -446,8 +446,9 @@ int fgInitConfig ( int argc, char **argv, bool reinit ) exportDir.create(0755); } - // Set /sim/fg-home and don't allow malign code to override it until - // Nasal security is set up. Use FG_HOME if necessary. + // Set /sim/fg-home. Use FG_HOME if necessary. + // deliberately not a tied property, for fgValidatePath security + // write-protect to avoid accidents SGPropertyNode *home = fgGetNode("/sim", true); home->removeChild("fg-home", 0); home = home->getChild("fg-home", 0, true); @@ -486,6 +487,8 @@ int fgInitConfig ( int argc, char **argv, bool reinit ) static void initAircraftDirsNasalSecurity() { + // deliberately not a tied property, for fgValidatePath security + // write-protect to avoid accidents SGPropertyNode* sim = fgGetNode("/sim", true); sim->removeChildren("fg-aircraft"); diff --git a/src/Main/globals.cxx b/src/Main/globals.cxx index 718e70e55..d41e00d5f 100644 --- a/src/Main/globals.cxx +++ b/src/Main/globals.cxx @@ -273,7 +273,8 @@ void FGGlobals::set_fg_root (const std::string &root) { << fg_root << "'\n***\n***"); } - // remove /sim/fg-root before writing to prevent hijacking + // deliberately not a tied property, for fgValidatePath security + // write-protect to avoid accidents SGPropertyNode *n = fgGetNode("/sim", true); n->removeChild("fg-root", 0); n = n->getChild("fg-root", 0, true);