On Thu, 17 Sep 2009, David Arturo Macias Corona wrote:

Hi,

>> So the .dbf's are created in d: while indexes .z01's are created
>> in the folder where these belong to. Now the question is why this
>> behavior? Przemek?

There should be no difference. HBNETIO knows nothing about file type
or default file location. It simply creates files in the places
requested by the client.

>> NetIO suggests that "root" of any server will never be allowed to
>> be accessed. Am I correct?

By default the NETIO server sets as "root" directory the directory
which is returned by HB_DIRBASE(). In most cases this function
should return the absolute path to the executed application (NETIO
server). You can test it with simple code:
   proc main()
      ? HB_DIRBASE()
   return
If HB_DIRBASE() doesn't return an absolute path then the protection may
not work. In such a case I suggest setting the root path manually as the
3rd parameter of the NETIO_LISTEN() or NETIO_MTSERVER() functions. Please
remember that setting "" disables the protection and the client can
access the whole disk.

In one of the last commits I fixed a typo which could cause leading
dir separators to be moved before the root path, i.e. for root path
"c:\dir" when the client was requesting "\\file.xxx" the NETIO server
was accessing file "\\c:\dir\file.xxx". I have no idea how it can be
interpreted by some OS-es. Maybe it was possible to use it to exploit
the protection.

> Question remains: How did you create .dbf files in d:\ (root dir) when
> netserver_os2.exe was running in d:\creative.ram\ ?

There are 4 possible answers:
1. HB_DIRBASE() does not return an absolute path on your platform or
   simply returns an empty dir. Can you check what it returns?
   Does it contain a drive letter?
2. some strange root dir was explicitly set.
3. it was a side effect of the bug described above and you were using
   the NETIO server without my fix (BTW please remember that you have
   to keep server and client version fixed)
4. there is still a problem and in some situations (some OS/FS) it's
   possible to break the NETIO root dir protection.

best regards,
Przemek
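
An added example, not part of the original message and not HBNETIO's own code: a sketch in C of a root-directory confinement check covering the cases discussed above (an empty or non-absolute root, leading separators in the requested name). `confine_path` is a hypothetical helper and all inputs are constructed; it is stricter than the thread requires, refusing any `..` component and any `:` in the request.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

static int is_sep(char c) { return c == '\\' || c == '/'; }

/* Root must be absolute in the DOS/OS2/Windows form used in the thread: "d:\..." */
static int root_is_absolute(const char *root)
{
    return root && isalpha((unsigned char) root[0]) && root[1] == ':' && is_sep(root[2]);
}

/* Hypothetical helper: build root + "\" + request in out.
   Returns 0 on success, -1 when the request is refused. */
int confine_path(const char *root, const char *req, char *out, size_t outlen)
{
    const char *p;
    size_t n, rl;
    int w;

    if (!root_is_absolute(root) || !req)
        return -1;                  /* "" or a relative root cannot confine anything */
    while (is_sep(*req))
        req++;                      /* drop leading separators; never emit them before root */
    if (*req == '\0')
        return -1;
    for (p = req; *p; ) {
        n = strcspn(p, "\\/");      /* length of the current path component */
        if (n == 2 && p[0] == '.' && p[1] == '.')
            return -1;              /* ".." would climb out of root */
        if (memchr(p, ':', n))
            return -1;              /* drive letter inside the request */
        p += n;
        while (is_sep(*p))
            p++;
    }
    rl = strlen(root);
    while (rl > 2 && is_sep(root[rl - 1]))
        rl--;                       /* "c:\dir\" -> "c:\dir", "d:\" -> "d:" */
    w = snprintf(out, outlen, "%.*s\\%s", (int) rl, root, req);
    return (w < 0 || (size_t) w >= outlen) ? -1 : 0;
}

int main(void)
{
    char out[260];                  /* constructed sample inputs below */
    if (confine_path("c:\\dir", "\\\\file.xxx", out, sizeof out) == 0)
        puts(out);
    printf("%d\n", confine_path("", "test.dbf", out, sizeof out));
    printf("%d\n", confine_path("d:\\creative.ram", "..\\test.dbf", out, sizeof out));
    return 0;
}
```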