Re: [Rd] Scanning a R script for potentially insidious commands

From: Simon Urbanek <simon.urbanek_at_r-project.org>
Date: Wed, 19 Dec 2012 13:10:43 -0500

On Dec 19, 2012, at 1:09 PM, Gabriel Becker wrote:

> Simon,
>
> I don't really have a horse in this race (as I said I didn't write sandboxR), but it seems like if you control library (to prevent "untrusted" packages, specifically including things like Rcpp and Rffi), and dyn.load the executing arbitrary compiled code issue can be curtailed. If I'm wrong please let me know, I'm always looking to learn.
>
> I assume XXXX in your example was some C code you whipped up and then loaded using one of the methods above? Or a .Call to an existing internal R function?
>

No, it's pure R code, I just didn't want to put the exploit on the list ...

Cheers,
S

> ~G
>
> On Wed, Dec 19, 2012 at 9:12 AM, Simon Urbanek <simon.urbanek_at_r-project.org> wrote:
> On Dec 19, 2012, at 11:21 AM, Gabriel Becker wrote:
>
> > See also: https://github.com/Rapporter/sandboxR
> >
> > sandboxR (not written by me) is a proof of concept for security inside R
> > (as opposed to security outside R as discussed above) via evaluating all R
> > commands in a specialized security environment (R environment that is)
> > which contains safe replacements for blacklisted functions.
> >
>
> It is a good example of false security. For the reasons mentioned before this doesn't work and can be circumvented:
>
> > sandbox("XXXX('tail /etc/group')")
> _developer:*:204:
> _locationd:*:205:
> _carddav:*:206:
> _detachedsig:*:207:
> _trustevaluationagent:*:208:
> _odchpass:*:209:
> _timezone:*:210:
> _lda:*:211:
> _cvms:*:212:
> _usbmuxd:*:213:
> [1] 0
>
> The problem is that you can try to plug holes (and sandboxR is trying hard to plug a lot of them), but there will always be new ones. It's simply the wrong approach IMHO.
>
> Cheers,
> Simon
>
>
>
> > HTH,
> > ~G
> >
> >
> >
> > On Wed, Dec 19, 2012 at 5:33 AM, Dirk Eddelbuettel <edd_at_debian.org> wrote:
> >
> >>
> >> Jeroen has a package devoted to the sandboxing approach in conjunction with
> >> the system-level AppArmor facility: RAppArmor. See
> >>
> >> http://cran.r-project.org/web/packages/RAppArmor/index.html
> >>
> >> and more details at
> >>
> >> https://github.com/jeroenooms/RAppArmor#readme
> >>
> >> Dirk
> >>
> >> --
> >> Dirk Eddelbuettel | edd@debian.org | http://dirk.eddelbuettel.com
> >>
> >> ______________________________________________
> >> R-devel_at_r-project.org mailing list
> >> https://stat.ethz.ch/mailman/listinfo/r-devel
> >>
> >
> >
> >
> > --
> > Gabriel Becker
> > Graduate Student
> > Statistics Department
> > University of California, Davis
> >
> > [[alternative HTML version deleted]]
> >
> > ______________________________________________
> > R-devel_at_r-project.org mailing list
> > https://stat.ethz.ch/mailman/listinfo/r-devel
> >
> >
>
>
>
>
> --
> Gabriel Becker
> Graduate Student
> Statistics Department
> University of California, Davis
>



R-devel_at_r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-devel Received on Wed 19 Dec 2012 - 18:13:34 GMT

This quarter's messages: by month, or sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

All messages

Archive maintained by Robert King, hosted by the discipline of statistics at the University of Newcastle, Australia.
Archive generated by hypermail 2.2.0, at Thu 20 Dec 2012 - 21:12:57 GMT.

Mailing list information is available at https://stat.ethz.ch/mailman/listinfo/r-devel. Please read the posting guide before posting to the list.

list of date sections of archive