Octave restricted mode?

octave-maintainers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Octave restricted mode?

From:	Jaroslav Hajek
Subject:	Octave restricted mode?
Date:	Mon, 15 Mar 2010 11:57:58 +0100

hi all,

for use of Octave in web applications (which I'm myself interested
in), I started to think about allowing Octave to run in a "secure"
mode.
For instance, it could include the following restrictions:

1. spawning external processes (system, popen, fork, exec etc) is not allowed
2. cd is not allowed
3. mkfifo, symlink, etc are not allowed
4. addpath etc. are not allowed
5. only files in current directory can be fopen()-ed, stat()-ed etc.
6. likewise for other compiled functions where this is possibly needed.

I know this won't make Octave hacker-proof, because exploitable bugs
(like buffer overruns) are to be expected in Octave, but at least it
should make it significantly harder to hack a web application
providing access to Octave terminal.

thoughts?

-- 
RNDr. Jaroslav Hajek, PhD
computing expert & GNU Octave developer
Aeronautical Research and Test Institute (VZLU)
Prague, Czech Republic
url: www.highegg.matfyz.cz

[Prev in Thread]

Current Thread

[Next in Thread]

Octave restricted mode?, Jaroslav Hajek <=
- Octave restricted mode?, John W. Eaton, 2010/03/15
  - Re: Octave restricted mode?, Jaroslav Hajek, 2010/03/16
- Re: Octave restricted mode?, Dupuis, 2010/03/16

Prev by Date: GCC of MinGW was updated to 4.5.0
Next by Date: Octave restricted mode?
Previous by thread: GCC of MinGW was updated to 4.5.0
Next by thread: Octave restricted mode?
Index(es):
- Date
- Thread