> "SF" == Seth Falcon <[EMAIL PROTECTED]>
> on Wed, 15 Aug 2007 16:59:01 -0700 writes:
SF> Zhenhuan Cui <[EMAIL PROTECTED]> writes:
>> I created an add-on R package. In this package, there is
>> a line "require(pckgname)", because I need to call some
>> functions in
Hi,
I am trying to tighten file I/O security on a process that passes a
user-supplied script to R CMD Batch. Broadly speaking, I'd like to restrict
I/O to a designated path on the file system. Right now, I'm trying to
address this in the R environment by forcing the script to use modified
version
On Wed, 15 Aug 2007, Byron Ellis wrote:
> Hi all, I'm having a problem with some sort of interaction with try()
> and methods, I think.
>
> The setup is as follows, I have an S4 class that holds an environment
> and I would like to evaluate the right hand side of a function inside
> that environme
What are you trying to defend against? A serious attacker could still
use rm/assign/get/eval/... to circumvent your replaced functions. I
think it would be very difficult (if not impossible) to prevent this
from happening), especially if the user can load packages.
Hadley
On 8/16/07, Michael Ca
Thanks for your note Hadley,
I would like to defend against a broad range of malicious activity, but the
focus of this module is to restrict file I/O to a specific area on the file
system. I agree that's it's impossible to prevent, but I'm trying to
increase the difficulty level.
The user is inh
Hi all
I don't know if my message are correct in this forums.
I create a program in c++ who use statistical function. I want to execute
this function in R (in particular for use packages ade4, lattice,
bioconductor...)
Until now, my program work for simple function ("plot", "rnorm"...) but I
can'
Well, I think there are some serious use e.g. offering a web server
for script uploaded then downloading the Rout result back...
The issue is more about whether he wants to limit *all* file system
access or just limiting to certain areas. For the former,
I would set up a chroot jail and run R fro
> The issue is more about whether he wants to limit *all* file system
> access or just limiting to certain areas. For the former,
> I would set up a chroot jail and run R from within; for the latter,
> I would probably do something with LD_LIBRARY_PRELOAD to override
> all the file system accessin
Thinking along these lines, we actually have a mechanism for
replacing the system call (it's used by the Mac GUI to allow root
calls) and one could think of expanding this to all critical
operations. Clearly, there are issues (speed for example), but it
would be nice to have a 'fortified' v
On Thu, 16 Aug 2007, Simon Urbanek wrote:
> Thinking along these lines, we actually have a mechanism for
> replacing the system call (it's used by the Mac GUI to allow root
> calls) and one could think of expanding this to all critical
> operations. Clearly, there are issues (speed for example), b
On 8/16/07, Luke Tierney <[EMAIL PROTECTED]> wrote:
> On Wed, 15 Aug 2007, Byron Ellis wrote:
>
> > Hi all, I'm having a problem with some sort of interaction with try()
> > and methods, I think.
> >
> > The setup is as follows, I have an S4 class that holds an environment
> > and I would like to e
Thanks everyone for these comments, they're great. I see the exposure
points and your collective comments have given me a lot to think about.
Eventually, I will need a "sandbox" solution. I think I'll be needing help,
and if there are any freelancers interested in discussing offline, please
cont
On Thu, 16 Aug 2007, Byron Ellis wrote:
> On 8/16/07, Luke Tierney <[EMAIL PROTECTED]> wrote:
>> On Wed, 15 Aug 2007, Byron Ellis wrote:
>>
>>> Hi all, I'm having a problem with some sort of interaction with try()
>>> and methods, I think.
>>>
>>> The setup is as follows, I have an S4 class that h
On 8/16/07, Luke Tierney <[EMAIL PROTECTED]> wrote:
>
> There sae, at 2.5.0 I believe. At that point try was reimplemented in
> terms of tryCatch. That may have uncovered a bug in our code or
> yours, but without a reproducible example it's hard to say more.
An indeed, I believe I've got one. Tu
I think I understand the issue. The methods code uses R_tryCatch
internally in a few places, hoping I think for a C level variant of
tryCatch. It isn't meant to be used that way. It is intended only
for use in embedded contexts where there is no proper top level, or
possibly in contexts where co
On 8/16/07, Luke Tierney <[EMAIL PROTECTED]> wrote:
> I think I understand the issue. The methods code uses R_tryCatch
> internally in a few places, hoping I think for a C level variant of
> tryCatch. It isn't meant to be used that way. It is intended only
> for use in embedded contexts where th
16 matches
Mail list logo
