Hello,
I have a setup similar to Rweb ( http://www.math.montana.edu/Rweb/ ): I get R scripts from users and need to execute them in a safe manner (they are executed automatically, without human inspection).
I would like to limit the user's script to reading from STDIN and writing to STDOUT/ERR. Specifically, preventing any kind of interaction with the underlying operating system (files, sockets, system(), etc.).
I've found this old thread:
http://r.789695.n4.nabble.com/R-in-a-sandbox-jail-td921991.html
But for technical reasons I'd prefer not to set up a chroot jail.
I have written a patch that adds a "--sandbox" parameter. When this parameter is used, the user's script can't create any kind of connection object or run "system()".
My plan is to run R like this:
cat INPUT | R --vanilla --slave --sandbox --file SCRIPT.R > OUTPUT
Where 'INPUT' is my chosen input and 'SCRIPT.R' is the script submitted by the user. If the script tries to create a connection or run a disabled function, an error is printed.
This is the patch:
http://cancan.cshl.edu/labmembers/gordon/files/R_2.11.0_sandbox.patch
So my questions are:
1. Would you be willing to consider this feature for inclusion?
2. Are there any other 'dangerous' functions I need to intercept (".Internal" perhaps?)
All comments and suggestions are welcome, thanks,
-gordon
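As an added example (not the poster's patch or any R project code), one defender-side complement to a runtime "--sandbox" switch is a static pre-screen that parses the submitted script and reports references to the functions the sandbox is meant to intercept, including the ".Internal" and foreign-function entry points raised in question 2. The blocklist and the `screen_script` helper are assumptions for illustration, and the sample script is constructed.

```r
# Added example, not from the original post or the linked patch.
# Static pre-screen for a submitted script: parse it and report any reference
# to a function the sandbox must intercept. It runs before R executes the
# script and complements a runtime block rather than replacing it: names
# assembled at run time (get(), do.call(), eval(parse(text = ...))) are
# invisible to a static scan, so those are flagged for manual review.

# Assumed blocklist: OS interaction, connections, and the low-level entry
# points (.Internal, .Call, ...) that bypass R-level function wrappers.
blocked <- c(
  "system", "system2", "shell", "pipe", "fifo", "socketConnection", "url",
  "file", "gzfile", "bzfile", "xzfile", "unz", "download.file", "source",
  "sink", "setwd", "unlink", "file.remove", "file.rename", "file.copy",
  "dir.create", "Sys.setenv", "dyn.load", "library.dynam",
  ".Internal", ".Primitive", ".Call", ".External", ".C", ".Fortran"
)
# Functions that can reach a blocked function without naming it statically.
dynamic <- c("get", "match.fun", "do.call", "eval", "evalq", "parse")

screen_script <- function(path) {
  exprs <- tryCatch(parse(file = path, keep.source = FALSE),
                    error = function(e) NULL)
  if (is.null(exprs)) return(list(ok = FALSE, reason = "parse error"))
  # all.names() walks the parse tree and returns every symbol, so a call
  # written as base::system(...) is still reported as "system". Matching is
  # on bare symbol names, so a variable called `file` is a (safe-side)
  # false positive.
  syms <- unique(all.names(exprs))
  hits <- intersect(syms, blocked)
  review <- intersect(syms, dynamic)
  list(ok = length(hits) == 0 && length(review) == 0,
       blocked = hits, needs_review = review)
}

# Constructed sample input: harmless arithmetic, a file connection, and a
# namespace-qualified system() call that a plain name match would miss.
sample <- c("x <- c(1, 2, 3)",
            "cat(mean(x), '\\n')",
            "con <- file('out.txt', 'w')",
            "base::system('id')")
tmp <- tempfile(fileext = ".R")
writeLines(sample, tmp)
print(screen_script(tmp))
unlink(tmp)
```

Run the pre-screen on SCRIPT.R before the `R --sandbox` invocation and refuse scripts whose result is not `ok`, so a rejected script never reaches the interpreter.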
Archive maintained by Robert King, hosted by the discipline of statistics at the University of Newcastle, Australia.
Archive generated by hypermail 2.2.0, at Fri 21 May 2010 - 01:10:33 GMT.
Mailing list information is available at https://stat.ethz.ch/mailman/listinfo/r-devel. Please read the posting guide before posting to the list.