+static string_list read_allowed_paths;
+static string_list write_allowed_paths;
+
+// Allowed paths here are absolute, and may contain _one_ *,
+// which matches any string
+// FG_SCENERY is deliberately not allowed, as it would make
+// /sim/terrasync/scenery-dir a security hole
+void fgInitAllowedPaths()
+{
+ read_allowed_paths.clear();
+ write_allowed_paths.clear();
+ std::string fg_root = fgNormalizePath(globals->get_fg_root());
+ std::string fg_home = fgNormalizePath(globals->get_fg_home());
+ read_allowed_paths.push_back(fg_root + "/*");
+ read_allowed_paths.push_back(fg_home + "/*");
+ string_list const aircraft_paths = globals->get_aircraft_paths();
+ for( string_list::const_iterator it = aircraft_paths.begin();
+ it != aircraft_paths.end();
+ ++it )
+ {
+ read_allowed_paths.push_back(fgNormalizePath(*it) + "/*");
+ }
+
+ for( string_list::const_iterator it = read_allowed_paths.begin();
+ it != read_allowed_paths.end();
+ ++it )
+ { // if we get the initialization order wrong, better to have an
+ // obvious error than a can-read-everything security hole...
+ if (!(it->compare("/*"))){
+ flightgear::fatalMessageBox("Nasal initialization error",
+ "Empty string in FG_ROOT, FG_HOME or FG_AIRCRAFT",
+ "or fgInitAllowedPaths() called too early");
+ exit(-1);