On 18/05/2010 10:38 PM, Assaf Gordon wrote:
Hello,

I have a setup similar to Rweb (http://www.math.montana.edu/Rweb/):
I get R scripts from users and need to execute them in a safe manner (they 
are executed automatically, without human inspection).

I would like to limit the user's script to reading from STDIN and writing to 
STDOUT/ERR.
Specifically, preventing any kind of interaction with the underlying operating 
system (files, sockets, system(), etc.).

I've found this old thread:
http://r.789695.n4.nabble.com/R-in-a-sandbox-jail-td921991.html
But for technical reasons I'd prefer not to setup a chroot jail.

I have written a patch that adds a "--sandbox" parameter.
When this parameter is used, the user's script can't create any kind of connection object 
or run "system()".

That sounds too restrictive. R uses connections internally in various places, with no reference to the file system. It also uses them when reading its own files. So if you stop a user from creating connections, you'll somehow need to distinguish between user-created ones and internally necessary ones: not easy.


My plan is to run R like this:
cat INPUT | R --vanilla --slave --sandbox --file SCRIPT.R > OUTPUT

Where 'INPUT' is my chosen input and 'SCRIPT.R' is the script submitted by the 
user.
If the script tries to create a connection or run a disabled function, an error 
is printed.

This is the patch:
http://cancan.cshl.edu/labmembers/gordon/files/R_2.11.0_sandbox.patch

So my questions are:
1. Would you be willing to consider this feature for inclusion?
2. Are there any other 'dangerous' functions I need to intercept (".Internal" 
perhaps?)

.Internal is needed by tons of base functions. So again, you'll need to distinguish where the call is coming from, and that's not easy.

Duncan Murdoch
All comments and suggestions are welcomed,
thanks,
   -gordon
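The point Duncan raises, that a blanket ban on connections also breaks the one thing the sandbox is meant to allow, can be seen in a few lines of R. The following is an added illustration written for this page; it is not code from the thread, from the linked patch, or from R itself. It swaps the base connection constructors for stubs, shows that reading STDIN then fails because `readLines()` and `scan()` call `file()` internally, and then narrows the block to an allow-list on the `description` argument. The helper names (`.orig`, `replace_in_base`, `disabled`, `as_message`) are all invented here.

```r
# Added illustration, not code from the thread or from the proposed patch.
# Run with something like:  cat INPUT | R --vanilla --slave --file this.R

# Keep handles to the real base functions before they are replaced.
.orig <- list(
  file             = base::file,
  url              = base::url,
  pipe             = base::pipe,
  socketConnection = base::socketConnection,
  system           = base::system
)

# Swap one binding in the base environment (bindings there are locked).
replace_in_base <- function(name, fun) {
  env <- baseenv()
  unlockBinding(name, env)
  assign(name, fun, envir = env)
  lockBinding(name, env)
}

# A stub that refuses every call and names the function that was blocked.
disabled <- function(name) {
  force(name)
  function(...) stop(sprintf("sandbox: '%s' is disabled", name), call. = FALSE)
}

# Capture an error message instead of aborting the script.
as_message <- function(expr) tryCatch(expr, error = function(e) conditionMessage(e))

# Step 1: blanket block, the R-level equivalent of "no connections, no system()".
for (nm in names(.orig)) replace_in_base(nm, disabled(nm))

# readLines("stdin") and scan(file = "stdin") both call file() internally,
# so the one thing the sandbox was meant to permit now fails as well.
print(as_message(readLines("stdin", n = 1)))
print(as_message(scan(file = "stdin", what = "", nlines = 1, quiet = TRUE)))

# Step 2: narrow the block on file() to an allow-list on its description.
# Only the process's standard input is permitted; url(), pipe(),
# socketConnection() and system() remain fully disabled.
replace_in_base("file", function(description = "", open = "", ...) {
  if (!identical(description, "stdin"))
    stop(sprintf("sandbox: file('%s') is not permitted", description), call. = FALSE)
  .orig$file(description, open, ...)
})

print(as_message(readLines("stdin", n = 1)))          # reads the piped INPUT again
print(as_message(readLines("/etc/hostname", n = 1)))  # still refused by the allow-list
```

Deciding by the `description` argument sidesteps the question of who called `file()`, but only for this one constructor: any base function that opens a real path on the caller's behalf is still refused, and the stubs live in the same interpreter as the untrusted script, so `.Internal()` and the saved `.orig` handles remain reachable from it. That is the distinction-by-caller problem the reply describes, and it is why an interpreter-level flag narrows the surface rather than providing an isolation boundary.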

______________________________________________
R-devel@r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-devel

