Re: Octave in Universities

[Paul Kienzle]

On Mar 11, 2006, at 1:56 PM, Etienne Grossmann wrote:

>   Afaik, few of my present or past colleagues use Octave - except
> perhaps Mai Zhou [1] at the math dept. of the U. of Kentucky, who
> maintains a web interface [2]. I will ask for his comments.

Thinking about web interfaces to octave, I got concerned about
the security implications.  For example, the system call gives
full access to the local shell, and there are commands like
fopen which can also be dangerous in the right hands.

I wrote a quick little function clear_builtin which removes
a function symbol from the current context, from the prompt
and from the builtin function list.  That means you don't have
to hack your version of octave to remove system().

A complete solution would clear a number of builtin functions
and provide oct-file replacements for alternatives which do
complete argument checking (e.g., fopen which strips all directory
information before opening).

Anyone want to put something together and add it to octave-forge?

- Paul

-- clear_builtin.cc --
#include <octave/oct.h>
#include <octave/symtab.h>

DEFUN_DLD(clear_builtin,args,nargout,"clear a builtin function")
{
  octave_value_list retval;
  if (args.length() != 1) {
    print_usage("clearfn");
  } else {
    std::string nm(args(0).string_value());
    if (!error_state) {
      fbi_sym_tab->clear(nm);
      curr_sym_tab->clear(nm);
      top_level_sym_tab->clear(nm);
    }
  }
  return retval;
}



-------------------------------------------------------------
Octave is freely available under the terms of the GNU GPL.

Octave's home on the web:  http://www.octave.org
How to fund new projects:  http://www.octave.org/funding.html
Subscription information:  http://www.octave.org/archive.html
-------------------------------------------------------------