No description
7198dec355
* Before setting /sim/aircraft-dir from the --aircraft-dir option,
canonicalize its value with SGPath::realpath() as is already done in
FGGlobals::append_aircraft_path() for the paths given with --fg-aircraft
or via the FG_AIRCRAFT environment variable.
* This fixes a bug when --aircraft-dir is used, due to the fact that
fgValidatePath() canonicalizes its 'path' argument before matching it
against the allowed patterns, and therefore will not validate paths
under the directory specified with --aircraft-dir if this directory has
been given in a non-canonical form by the user (e.g., containing at
least one symlink component).
* This fix does not lower security: the path which is canonicalized has
been explicitely given by the user. This operation is already done for
all paths specified with --fg-aircraft or via the FG_AIRCRAFT
environment variable, via Options::initPaths() which calls
FGGlobals::append_aircraft_paths().
* To reproduce the bug, create a symlink (e.g., /tmp/aircrafts) to a
directory suitable for --fg-aircraft, then run:
fgfs ... --fg-aircraft=/tmp/aircrafts \
--aircraft-dir=/tmp/aircrafts/SenecaII --aircraft=SenecaII
This will trigger many failures such as:
loadxml: reading '/tmp/aircrafts/SenecaII/Dialogs/registration.xml'
denied (unauthorized directory - authorization no longer follows
symlinks; to authorize reading additional directories, add them to
--fg-aircraft)
(from do_load_xml_to_proptree() in flightgear/src/Main/fg_commands.cxx)
I have also tested this with the ec130b4 and the 777-200ER. Same
problem, same fix.
|
||
|---|---|---|
| 3rdparty | ||
| CMakeModules | ||
| docs-mini | ||
| examples/netfdm | ||
| icons | ||
| man | ||
| package | ||
| scripts | ||
| src | ||
| tests | ||
| utils | ||
| .gitignore | ||
| AUTHORS | ||
| ChangeLog | ||
| CMakeLists.txt | ||
| COPYING | ||
| INSTALL | ||
| NEWS | ||
| README | ||
| README.cmake | ||
| README.msvc | ||
| README.OpenAL | ||
| README.OSG | ||
| README.plib | ||
| README.SimGear | ||
| Thanks | ||
| version | ||
Welcome to the FlightGear Flight Simulator project. =================================================== The primary web page for this project is: http://www.flightgear.org For basic installation instructions see the "INSTALL" file. Before you can run FlightGear you will also need to download and install the "base" package which is a collection of textures, sounds, sample scenery, and other data files needed by the sim. For additional install help for specific platforms please browse the "docs-mini/" subdirectory. More complete documentation is available from our web page as a separate distribution. Please take a look at the "Thanks" file for a list of people who have contributed to this project. If you have contributed something but don't find your name in this file. Please send a polite reminder to http://www.flightgear.org/~curt For a summary of changes/additions by version see the "NEWS" file. This project is GPL'd. For complete details on our licensing please see the "COPYING" file. For information on available mailing lists, mailing list archives, and other available source code and documenation, please visit our web site. FlightGear is a product of the collaboration of large international group of volunteers. FlightGear is a work in progress. FlightGear comes with no warrantee. We hope you enjoy FlightGear and/or find it of some value!