[Radiance-dev] Radiance file type registration
Lars O. Grobe
grobe at gmx.net
Mon Feb 23 17:55:08 PST 2009
> Finally got a reply on this. They think it's pretty good but want
more on security for the type.
Hi,
did you only submit the hdr or also the scene description types?
Security-wise, the rad-files have to be treated as scripts, as they
allow any command to be executed from within (using the !-prefix), so I
guess this leads to a very different classification then hdr's. Not sure
what kind of nonsense an attacker could hide inside an octree though (I
doubt that there are any security checks in Radiance about memory
protection here?) - but I am just a non-developer on the wrong list,
without inside-knowledge on the implementation here ;-)
CU Lars.
More information about the Radiance-dev
mailing list