Re: [Rd] Scanning a R script for potentially insidious commands

From: Simon Urbanek <simon.urbanek_at_r-project.org>
Date: Wed, 19 Dec 2012 10:46:52 -0500

On Dec 19, 2012, at 7:38 AM, Joris Meys wrote:

> On Wed, Dec 19, 2012 at 1:02 PM, Jan T Kim <jttkim@googlemail.com> wrote:
>
>> On Wed, Dec 19, 2012 at 12:39:21PM +0100, Joris Meys wrote:
>>> The safest way to prevent attacks using an R connector is managing the
>>> permissions for the application on your own server. We do that with the
>>> RStudio Server application we have running. You have to take into account
>>> that R allows for many interactions with the system. Also file(), dir(),
>>> unlink() and all sys. functions have the potential to screen and possibly
>>> alter your system. Not only system() and eval() pose a security
>>> problem...
>> 
>> just out of curiosity, how do you disable these functions?
>
> You got me wrong: We don't disable these functions, we just don't give the
> R instance that's executing the file any permissions on the system. So
> trying to run any function that wants to access the system only results in
> error messages. I believe we did that by creating a specific user account
> and linked that to the R application behind the interface. But sandboxing
> (as you mentioned) is just as good.
>

Creating a *specific* user is not enough, as instances can affect each other (i.e. any job running on such a system is in jeopardy: you never know if your results were modified by a malicious process). Rserve allows a separate uid/gid per connection, so that's one way to tackle that; it also makes the separation easier. As Dirk pointed out, on Linux there is AppArmor, and sandbox on OS X, if you want to limit what the user can do.

And, indeed, trying to filter commands is not the right way as it's trivial to circumvent - anyone with access to R has the capability to run arbitrary native code with .C/.Call and you can't disable that without making R unusable.

Cheers,
Simon

> --
> Joris Meys
> Statistical consultant
>
> Ghent University
> Faculty of Bioscience Engineering
> Department of Mathematical Modelling, Statistics and Bio-Informatics
>
> tel : +32 9 264 59 87
> Joris.Meys_at_Ugent.be
> -------------------------------
> Disclaimer : http://helpdesk.ugent.be/e-maildisclaimer.php
>



R-devel_at_r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-devel

Received on Wed 19 Dec 2012 - 15:50:13 GMT
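Simon's point that scanning a script for dangerous function names is trivially circumvented, shown as an added example (editor's code, not from the thread or from R itself). The scanner below is a hypothetical one written for this illustration: it uses R's own parser rather than grep, so it is already stricter than a text search. The scripts that follow still reach the shell while neither the token scan nor a plain grep for "system" flags them. Only "echo" is executed, so it is safe to run in any R session; all names (scan_script, blacklist, scripts) are the editor's.

```r
# Added example, not from the thread: a token-level blacklist scanner for R
# source, and base-R scripts that pass it while still executing shell commands.

blacklist <- c("system", "system2", "shell", "eval", "parse", "source",
               "file", "unlink", "dir", "dyn.load", ".C", ".Call", ".External")

# Scan via the parser so string literals and comments are not false positives.
# Returns ok = TRUE when no blacklisted symbol is called or referenced.
scan_script <- function(src) {
  expr <- parse(text = src, keep.source = TRUE)
  pd   <- getParseData(expr)
  syms <- unique(pd$text[pd$token %in% c("SYMBOL_FUNCTION_CALL", "SYMBOL")])
  hits <- intersect(syms, blacklist)
  list(ok = length(hits) == 0L, hits = hits)
}

# Constructed test scripts. Only the first names system() directly.
scripts <- list(
  direct    = 'system("echo direct")',                             # caught
  by_name   = 'get(paste0("sys", "tem"))("echo by_name")',         # name built at runtime
  do_call   = 'do.call(paste0("sys", "tem"), list("echo do_call"))',
  match_fun = 'f <- match.fun(paste("sys", "tem", sep = "")); f("echo match_fun")',
  via_pipe  = 'writeLines(readLines(pipe("echo via_pipe")))'      # connection runs a command
)

for (nm in names(scripts)) {
  res      <- scan_script(scripts[[nm]])
  grep_hit <- grepl("system", scripts[[nm]], fixed = TRUE)   # what a naive grep would see
  cat(sprintf("%-9s token-scan ok=%-5s grep-hit=%-5s", nm, res$ok, grep_hit))
  if (res$ok) {
    cat(" -> runs: ")
    eval(parse(text = scripts[[nm]]))   # the "echo ..." output proves the shell was reached
  } else {
    cat(" blocked (", paste(res$hits, collapse = ", "), ")\n")
  }
}

# Expected shape of the output: only "direct" is blocked; the other four print
# their echo text, because the scanner can only see names, and R lets a script
# build any name (or open a pipe() connection) without ever writing it down.
# Extending the blacklist to get/do.call/match.fun/pipe/paste0 just moves the
# goalposts (e.g. `Recall`, `sapply(..., "sys" ...)` with rapply/Reduce, or
# `.Call` into a loaded shared object), which is why the thread's answer is
# OS-level isolation of the R process rather than source filtering.
```

The practical takeaway matches the thread: run each untrusted job as its own uid/gid (Rserve can assign one per connection) and confine that uid with AppArmor, OS X sandbox, or equivalent, so that whatever the script manages to call, the process has nothing to reach.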

Archive maintained by Robert King, hosted by the discipline of statistics at the University of Newcastle, Australia.
Archive generated by hypermail 2.2.0, at Wed 19 Dec 2012 - 16:52:53 GMT.

Mailing list information is available at https://stat.ethz.ch/mailman/listinfo/r-devel. Please read the posting guide before posting to the list.
