fly/flightgear
1
0
Fork 0
Code Activity

Nasal security: document that symlinks are no longer followed

Browse source
This commit is contained in:
Rebecca N. Palmer 2015-07-25 10:15:31 +01:00
parent e2cbacff90
commit e296ea5fe0
2 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/Main/fg_commands.cxx
View file

@ -1177,7 +1177,7 @@ do_load_xml_to_proptree(const SGPropertyNode * arg)
if (fgValidatePath(file, false).empty()) { if (fgValidatePath(file, false).empty()) {
SG_LOG(SG_IO, SG_ALERT, "loadxml: reading '" << file.str() << "' denied " SG_LOG(SG_IO, SG_ALERT, "loadxml: reading '" << file.str() << "' denied "
"(unauthorized access)"); "(unauthorized directory - authorization no longer follows symlinks; to authorize reading additional directories, add them to --fg-aircraft)");
return false; return false;
} }
@ -1259,7 +1259,7 @@ do_save_xml_from_proptree(const SGPropertyNode * arg)
if (fgValidatePath(file, true).empty()) { if (fgValidatePath(file, true).empty()) {
SG_LOG(SG_IO, SG_ALERT, "savexml: writing to '" << file.str() << "' denied " SG_LOG(SG_IO, SG_ALERT, "savexml: writing to '" << file.str() << "' denied "
"(unauthorized access)"); "(unauthorized directory - authorization no longer follows symlinks)");
return false; return false;
} }

4
src/Scripting/NasalSys.cxx
View file

@ -675,7 +675,7 @@ static naRef f_open(naContext c, naRef me, int argc, naRef* args)
strcmp(modestr, "rb") && strcmp(modestr, "r")); strcmp(modestr, "rb") && strcmp(modestr, "r"));
if(filename.empty()) { if(filename.empty()) {
naRuntimeError(c, "open(): reading/writing '%s' denied " naRuntimeError(c, "open(): reading/writing '%s' denied "
"(unauthorized access)", naStr_data(file)); "(unauthorized directory - authorization no longer follows symlinks; to authorize reading additional directories, add them to --fg-aircraft)", naStr_data(file));
return naNil(); return naNil();
} }
f = fopen(filename.c_str(), modestr); f = fopen(filename.c_str(), modestr);
@ -706,7 +706,7 @@ static naRef f_parsexml(naContext c, naRef me, int argc, naRef* args)
std::string file = fgValidatePath(naStr_data(args[0]), false); std::string file = fgValidatePath(naStr_data(args[0]), false);
if(file.empty()) { if(file.empty()) {
naRuntimeError(c, "parsexml(): reading '%s' denied " naRuntimeError(c, "parsexml(): reading '%s' denied "
"(unauthorized access)", naStr_data(args[0])); "(unauthorized directory - authorization no longer follows symlinks; to authorize reading additional directories, add them to --fg-aircraft)", naStr_data(args[0]));
return naNil(); return naNil();
} }
std::ifstream input(file.c_str()); std::ifstream input(file.c_str());