return SGPath();
}
-void FGGlobals::append_fg_scenery (const std::string &paths)
+void FGGlobals::append_fg_scenery (const std::string &paths, bool secure)
{
SGPropertyNode* sim = fgGetNode("/sim", true);
// out, such that all three dirs are added. Unfortunately there's
// no information as to why the change was made.
fg_scenery.push_back(abspath.str());
+ if (secure) {
+ secure_fg_scenery.push_back(abspath.str());
+ }
if (terrainDir.exists()) {
fg_scenery.push_back(terrainDir.str());
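Review bot: Only `abspath` is recorded in `secure_fg_scenery`, while the `terrainDir` entry pushed just below goes to `fg_scenery` alone, and nothing here says why that is enough. If the subdirectories are covered because fgInitAllowedPaths() turns each secure entry into a `<root>/*` pattern, state it above the new `if`, e.g. `// root only: the "<root>/*" allow-list pattern already covers its subdirectories`. Without that, a later maintainer may add redundant entries or assume the subdirectories are unreadable from Nasal. The body of append_fg_scenery starts and ends outside this hunk.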
void FGGlobals::clear_fg_scenery()
{
fg_scenery.clear();
+ secure_fg_scenery.clear();
}
void FGGlobals::set_catalog_aircraft_path(const SGPath& path)
// Roots of FlightGear scenery tree
string_list fg_scenery;
+ string_list secure_fg_scenery;
std::string browser;
void set_fg_home (const std::string &home);
inline const string_list &get_fg_scenery () const { return fg_scenery; }
- void append_fg_scenery (const std::string &scenery);
+ inline const string_list &get_secure_fg_scenery () const { return secure_fg_scenery; }
+ /**
+ * Add a scenery directory
+ *
+ * secure = allow Nasal to read this directory; to avoid
+ * can-read-any-file security holes, do NOT set this on directories
+ * obtained from the property tree (e.g. /sim/terrasync/scenery-dir)
+ * or other Nasal-writable places
+ */
+ void append_fg_scenery (const std::string &scenery, bool secure = false);
void clear_fg_scenery();
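Review bot: The doc comment on `append_fg_scenery` does not say when the `secure` flag takes effect. fgInitAllowedPaths() copies `get_secure_fg_scenery()` once while building `read_allowed_paths`, so a directory appended with `secure = true` after that call is presumably not readable from Nasal unless the allow-list is rebuilt. Add a line such as `* Only directories added before fgInitAllowedPaths() runs are picked up.` so callers do not rely on a late append widening the allow-list.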
static int
fgOptFgScenery( const char *arg )
{
- globals->append_fg_scenery(arg);
+ globals->append_fg_scenery(arg, true);
return FG_OPTIONS_OK;
}
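Review bot: The bare `true` at this call site hides the trust decision being made, which is that whatever the option handler receives becomes readable from Nasal. Name the parameter at the call, `globals->append_fg_scenery(arg, /*secure=*/true);`, and add a short comment that the value comes from option parsing rather than from the property tree. The same applies to the `FG_SCENERY` environment call `globals->append_fg_scenery(envp, true);` in the next hunk.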
// now options are process, do supplemental fixup
const char *envp = ::getenv( "FG_SCENERY" );
if (envp) {
- globals->append_fg_scenery(envp);
+ globals->append_fg_scenery(envp, true);
}
// download dir fix-up
/**
* Allowed paths here are absolute, and may contain _one_ *,
* which matches any string
- * FG_SCENERY is deliberately not allowed, as it would make
- * /sim/terrasync/scenery-dir a security hole
*/
void fgInitAllowedPaths()
{
read_allowed_paths.push_back(fg_root + sep + "*");
read_allowed_paths.push_back(fg_home + sep + "*");
string_list const aircraft_paths = globals->get_aircraft_paths();
- for( string_list::const_iterator it = aircraft_paths.begin();
- it != aircraft_paths.end();
- ++it )
+ string_list const scenery_paths = globals->get_secure_fg_scenery();
+ // not plain fg_scenery, to avoid making
+ // /sim/terrasync/scenery-dir a security hole
+
+ for( string_list::const_iterator it = aircraft_paths.begin();;++it )
{
+ if (it == aircraft_paths.end()) {
+ it = scenery_paths.begin();
+ }
+ if (it == scenery_paths.end()) {
+ break; // here rather than in the loop condition because
+ // scenery_paths may be empty
+ }
// if we get the initialization order wrong, better to have an
// obvious error than a can-read-everything security hole...
if (it->empty() || fg_root.empty() || fg_home.empty()){
flightgear::fatalMessageBox("Nasal initialization error",
- "Empty string in FG_ROOT, FG_HOME or FG_AIRCRAFT",
- "or fgInitAllowedPaths() called too early");
+ "Empty string in FG_ROOT, FG_HOME, FG_AIRCRAFT or FG_SCENERY",
+ "or fgInitAllowedPaths() called too early");
exit(-1);
}
read_allowed_paths.push_back(SGPath(*it).realpath() + sep + "*");
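Review bot: The rewritten loop compares `it` against the `end()` of a container it does not belong to. While walking `aircraft_paths` it is tested against `scenery_paths.end()`, and after the switch it is tested against `aircraft_paths.end()` on every pass. Comparing iterators of different containers is undefined in standard C++ and fails in checked-iterator builds. In the code that builds the Nasal read allow-list, an early `break` or a skipped entry would be hard to notice. Build one list and use an ordinary loop condition: `string_list check_paths(aircraft_paths);`, then `check_paths.insert(check_paths.end(), scenery_paths.begin(), scenery_paths.end());`, then `for (string_list::const_iterator it = check_paths.begin(); it != check_paths.end(); ++it)`. The loop's closing brace lies outside this hunk.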