On Tue, May 18, 2010 at 7:38 PM, Assaf Gordon wrote:
> I've found this old thread:
> http://r.789695.n4.nabble.com/R-in-a-sandbox-jail-td921991.html
> But for technical reasons I'd prefer not to set up a chroot jail.
>
I would also point out that the state of the art in the operating
system commun
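How about some "computing on the language", something like this:

    # Parse the script without evaluating it
    exprs <- parse("SCRIPT.R")
    invalids <- c(".Internal", ".Primitive")
    # Refuse to run if either name appears anywhere in the parsed code
    if( any( invalids %in% all.names(exprs) ) )
        stop("sandbox check failed")
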
I believe this would prevent evaluating any direct calls to '.Primitive'
and '.Intern
I think you'll find it's a bit more complicated than that.
Firstly, R --sandbox is pretty crippled, since as far as I can tell it can't
load packages, since package loading uses gzfile(). This would include the
'stats' package. If you can load packages you would need to sanitize all
those
On 18/05/2010 10:38 PM, Assaf Gordon wrote:
Hello,
I have a setup similar to Rweb ( http://www.math.montana.edu/Rweb/ ):
I get R scripts from users and need to execute them in a safe manner (they
are executed automatically, without human inspection).
I would like to limit the user's script
Hello,
I have a setup similar to Rweb ( http://www.math.montana.edu/Rweb/ ):
I get R scripts from users and need to execute them in a safe manner (they
are executed automatically, without human inspection).
I would like to limit the user's script to reading from STDIN and writing to
STDOUT