Hello,

I have a setup similar to Rweb ( http://www.math.montana.edu/Rweb/ ): I get R scripts from users and need to execute them in a safe manner (they are executed automatically, without human inspection).

I would like to limit the user's script to reading from STDIN and writing to STDOUT/ERR. Specifically, preventing any kind of interaction with the underlying operating system (files, sockets, system(), etc.).

I've found this old thread: http://r.789695.n4.nabble.com/R-in-a-sandbox-jail-td921991.html
But for technical reasons I'd prefer not to set up a chroot jail.

I have written a patch that adds a "--sandbox" parameter. When this parameter is used, the user's script can't create any kind of connection object or run "system()".

My plan is to run R like this:

    cat INPUT | R --vanilla --slave --sandbox --file SCRIPT.R > OUTPUT

Where 'INPUT' is my chosen input and 'SCRIPT.R' is the script submitted by the user. If the script tries to create a connection or run a disabled function, an error is printed.

This is the patch: http://cancan.cshl.edu/labmembers/gordon/files/R_2.11.0_sandbox.patch

So my questions are:
1. Would you be willing to consider this feature for inclusion?
2. Are there any other 'dangerous' functions I need to intercept (".Internal" perhaps?)

All comments and suggestions are welcome,
thanks,
-gordon

______________________________________________
R-devel@r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-devel
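Question 2 asks which other functions need intercepting. As an added example, not part of gordon's patch or of R itself, here is a static pre-screen in R that walks a submitted script's parse tree and reports calls to functions that reach beyond STDIN/STDOUT before the script is run. It assumes a denylist of base R function names (`.Internal` included, since it reaches the internal code behind wrappers such as `system`) and a constructed sample script.

```r
# Added example, not gordon's patch and not part of R. A name denylist is
# inherently incomplete (a name can be built at run time), so the indirection
# helpers that would hide such a call, and the .Internal/native entry points,
# are listed too. Use it to complement a runtime check like --sandbox.

blocked <- c(
  "system", "system2", "shell", "pipe", "Sys.setenv", "setwd", "quit", "q",
  "file", "url", "gzfile", "bzfile", "xzfile", "unz", "fifo",
  "socketConnection", "download.file", "sink", "unlink", "file.remove",
  "file.rename", "file.copy", "dir.create", "list.files", "source",
  "readRDS", "saveRDS", "save", "load", "library", "require", "dyn.load",
  ".Internal", ".Primitive", ".Call", ".External", ".C", ".Fortran",
  "get", "get0", "mget", "match.fun", "do.call", "eval", "evalq", "parse"
)

# Name in function position, seeing through base::f and base:::f.
call_name <- function(fn) {
  if (is.symbol(fn)) return(as.character(fn))
  if (is.call(fn) && is.symbol(fn[[1]]) &&
      as.character(fn[[1]]) %in% c("::", ":::")) return(as.character(fn[[3]]))
  NA_character_
}

# Walk calls, formals (default values) and expression vectors. Children are
# passed by index, not bound to a loop variable: the empty argument in a
# call such as x[, 1] would error if bound and then referenced.
find_blocked <- function(expr, found = character()) {
  if (is.call(expr)) {
    name <- call_name(expr[[1]])
    if (!is.na(name) && name %in% blocked) found <- c(found, name)
    for (i in seq_along(expr)) found <- find_blocked(expr[[i]], found)
  } else if (is.pairlist(expr) || is.expression(expr)) {
    for (i in seq_along(expr)) found <- find_blocked(expr[[i]], found)
  }
  found
}

screen_script <- function(text) {
  unique(find_blocked(parse(text = text, keep.source = FALSE)))
}

# Constructed sample: legitimate STDIN/STDOUT use plus two escapes, one of
# them via get() so that the bare name "system" never appears in the source.
sample_script <- '
x <- as.numeric(readLines("stdin"))
cat(mean(x), "\\n")
base::system("id")
f <- get(paste0("sys", "tem")); f("id")
'
print(screen_script(sample_script))
```

`readLines` is deliberately not on the list, so a script that only reads its input and prints a result passes the screen. The list is a starting point for the runtime interception, not a substitute for it.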