Thanks everyone for these comments, they're great. I see the exposure
points and your collective comments have given me a lot to think about.
Eventually, I will need a "sandbox" solution. I think I'll be needing help,
and if there are any freelancers interested in discussing offline, please
cont
On Thu, 16 Aug 2007, Simon Urbanek wrote:
> Thinking along these lines, we actually have a mechanism for
> replacing the system call (it's used by the Mac GUI to allow root
> calls) and one could think of expanding this to all critical
> operations. Clearly, there are issues (speed for example), b
Thinking along these lines, we actually have a mechanism for
replacing the system call (it's used by the Mac GUI to allow root
calls) and one could think of expanding this to all critical
operations. Clearly, there are issues (speed for example), but it
would be nice to have a 'fortified' v
> The issue is more about whether he wants to limit *all* file system
> access or just limiting to certain areas. For the former,
> I would set up a chroot jail and run R from within; for the latter,
> I would probably do something with LD_LIBRARY_PRELOAD to override
> all the file system accessin
Well, I think there are some serious uses, e.g. offering a web server
for uploaded scripts and then downloading the Rout result back...
The issue is more about whether he wants to limit *all* file system
access or just limiting to certain areas. For the former,
I would set up a chroot jail and run R fro
Thanks for your note Hadley,
I would like to defend against a broad range of malicious activity, but the
focus of this module is to restrict file I/O to a specific area on the file
system. I agree that it's impossible to prevent, but I'm trying to
increase the difficulty level.
The user is inh
What are you trying to defend against? A serious attacker could still
use rm/assign/get/eval/... to circumvent your replaced functions. I
think it would be very difficult (if not impossible) to prevent this
from happening, especially if the user can load packages.
Hadley
On 8/16/07, Michael Ca
Hi,
I am trying to tighten file I/O security on a process that passes a
user-supplied script to R CMD Batch. Broadly speaking, I'd like to restrict
I/O to a designated path on the file system. Right now, I'm trying to
address this in the R environment by forcing the script to use modified
version
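The preload approach Simon suggests above (the mail calls it LD_LIBRARY_PRELOAD; the variable is LD_PRELOAD) applied to the goal stated in this opening mail, as an added example that is not code from the thread: a shim that interposes libc's fopen() and refuses any path that does not canonicalise to somewhere under one designated directory. The directory name, the environment variable RSANDBOX_ROOT and the file name rsandbox.so are assumptions for the example; it resolves symlinks and ".." with realpath(), checks files that do not exist yet through their parent directory, and denies everything when the variable is unset. Because it sits below R, the rm/assign/get/eval bypasses Hadley mentions do not apply to it, but it covers only fopen(), not open() or other entry points, and nothing a chroot jail would also stop.

```c
/* Build: cc -shared -fPIC -o rsandbox.so rsandbox.c   (add -ldl on older glibc)
 * Use:   RSANDBOX_ROOT=/srv/rjobs/job1 LD_PRELOAD=./rsandbox.so R CMD BATCH job.R */
#define _GNU_SOURCE
#include <dlfcn.h>
#include <errno.h>
#include <libgen.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifndef RTLD_NEXT
#define RTLD_NEXT ((void *) -1l)   /* glibc/musl value, in case _GNU_SOURCE came too late */
#endif

/* Resolve symlinks, "." and ".." in PATH into OUT (PATH_MAX bytes). A file that
 * does not exist yet is resolved through its parent directory, so writes to new
 * files are checked too; a missing parent is treated as failure (fail closed). */
static int canonical(const char *path, char *out) {
    char tmp[PATH_MAX], parent[PATH_MAX];
    if (realpath(path, out)) return 1;
    if (errno != ENOENT || strlen(path) >= PATH_MAX) return 0;
    strcpy(tmp, path);
    if (!realpath(dirname(tmp), parent)) return 0;
    strcpy(tmp, path);                      /* dirname() may have modified tmp */
    return snprintf(out, PATH_MAX, "%s/%s", strcmp(parent, "/") ? parent : "",
                    basename(tmp)) < PATH_MAX;
}

/* Returns 1 if PATH canonicalises to ROOT itself or to something beneath it. */
int sandbox_allows(const char *root, const char *path) {
    char r[PATH_MAX], p[PATH_MAX];
    if (!realpath(root, r) || !canonical(path, p)) return 0;
    size_t n = strcmp(r, "/") == 0 ? 0 : strlen(r);   /* root "/" allows everything */
    return strncmp(p, r, n) == 0 && (p[n] == '\0' || p[n] == '/');
}

/* Interposed fopen(): deny anything outside $RSANDBOX_ROOT (assumed variable name),
 * otherwise hand the call to the real libc fopen() found via RTLD_NEXT.
 * An unset variable denies every open, so a misconfigured job cannot read anything. */
FILE *fopen(const char *path, const char *mode) {
    static FILE *(*real_fopen)(const char *, const char *);
    const char *root = getenv("RSANDBOX_ROOT");
    if (!real_fopen)
        real_fopen = (FILE *(*)(const char *, const char *))dlsym(RTLD_NEXT, "fopen");
    if (!root || !sandbox_allows(root, path)) { errno = EACCES; return NULL; }
    return real_fopen(path, mode);
}
```

A new file in a directory that does not exist yet is refused rather than guessed at, so scripts that need subdirectories should have them created by the job runner before R starts.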