Re: [Rd] Scanning a R script for potentially insidious commands

From: Simon Urbanek <>
Date: Wed, 19 Dec 2012 10:46:52 -0500

On Dec 19, 2012, at 7:38 AM, Joris Meys wrote:

> On Wed, Dec 19, 2012 at 1:02 PM, Jan T Kim <> wrote:

>> On Wed, Dec 19, 2012 at 12:39:21PM +0100, Joris Meys wrote:
>>> The safest way to prevent attacks using an R connector, is managing the
>>> permissions for the application on your own server. We do that with the
>>> RStudio Server application we have running. You have to take into account
>>> that R allows for many interactions with the system. Also file(), dir(),
>>> unlink() and all sys. functions have the potential to screen and possibly
>>> alter your system. Not only system() and eval() pose a security
>> problem...
>> just out of curiosity, how do you disable these functions?

> You got me wrong: We don't disable these functions, we just don't give the
> R instance that's executing the file any permissions on the system. So
> trying to run any function that wants to access the system only results in
> error messages. I believe we did that by creating a specific user account
> and linked that to the R application behind the interface. But sandboxing
> (as you mentioned) is just as good.

Creating a *specific* user is not enough as instances can affect each other (i.e. any job running on such system is in jeopardy - you never know if your results were modified by a malicious process). Rserve allows separate uid/gid per connection so that's one way to tackle that - it also makes the separation easier. As Dirk pointed out on Linux there is AppArmor and sandbox on OS X if you want to limit what the user can do.

And, indeed, trying to filter commands is not the right way as it's trivial to circumvent - anyone with access to R has the capability to run arbitrary native code with .C/.Call and you can't disable that without making R unusable.


> --
> Joris Meys
> Statistical consultant
> Ghent University
> Faculty of Bioscience Engineering
> Department of Mathematical Modelling, Statistics and Bio-Informatics
> tel : +32 9 264 59 87
> -------------------------------
> Disclaimer :
> [[alternative HTML version deleted]]
> ______________________________________________
> mailing list
> mailing list Received on Wed 19 Dec 2012 - 15:50:13 GMT

This quarter's messages: by month, or sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

All messages

Archive maintained by Robert King, hosted by the discipline of statistics at the University of Newcastle, Australia.
Archive generated by hypermail 2.2.0, at Wed 19 Dec 2012 - 16:52:53 GMT.

Mailing list information is available at Please read the posting guide before posting to the list.

list of date sections of archive