Re: [R] Security issue

From: Prof Brian Ripley <>
Date: Wed, 02 Apr 2008 11:52:24 +0100 (BST)

Well, of course it isn't true -- no piece of software is 'as safe as possible'. I think some IT managers would prefer not to run any OSes on their machines -- now, that is pretty safe (especially if they are then switched off to say energy).

You haven't told us your OS -- and that usually means it is Windows (or Mac OS). A reasonable question then is 'is R as safe than Windows'. However when you start R it says

         R is free software and comes with ABSOLUTELY NO WARRANTY.

so you are not going to get any warranty about this. But it seems faintly ludicrous to ask if R is safe if you run an unsafe OS -- R is as safe as the system calls it uses (and any others you manage to run via exploits, although I am unaware of known exploits -- the few reports have been on at-the-time obsolete versions of R). So just don't actually run R in an admnistrator account.

On Wed, 2 Apr 2008, Hanek Martin wrote:

> Hello,
> I am trying to convince our IT Manager that R is as safe as possible
> from IT security point of view - could you point me to something on the
> web / some reasons for why this is true? I do not think he has a
> specific concern but does not know the software and would like to
> understand the security implications.

But surely that is his job! Our Computing Manager certainly has it in his job description -- and he does allow R on our systems (owned by non-administrator accounts).

> Thanks in advance
> Best Regards
> Martin Hanek
> Actuarial Analyst
> Glacier Reinsurance AG
> Churerstr. 78
> CH-8808 Pf??fikon SZ
> T +41 55 417 3431
> F +41 55 417 3434
> This e-mail, including any attachments, is for the inten...{{dropped:12}}

Brian D. Ripley,        
Professor of Applied Statistics,
University of Oxford,             Tel:  +44 1865 272861 (self)
1 South Parks Road,                     +44 1865 272866 (PA)
Oxford OX1 3TG, UK                Fax:  +44 1865 272595

______________________________________________ mailing list
PLEASE do read the posting guide
and provide commented, minimal, self-contained, reproducible code.
Received on Wed 02 Apr 2008 - 10:55:31 GMT

Archive maintained by Robert King, hosted by the discipline of statistics at the University of Newcastle, Australia.
Archive generated by hypermail 2.2.0, at Wed 02 Apr 2008 - 11:30:26 GMT.

Mailing list information is available at Please read the posting guide before posting to the list.

list of date sections of archive