[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Sharing scripts
From: |
MathCloud |
Subject: |
Re: Sharing scripts |
Date: |
Mon, 15 Mar 2010 01:55:11 -0700 (PDT) |
Hi Jaroslav,
Your input is very valuable. I saw your testing this morning and it caused
me to shut down the server immediately. I did not know if you were a person
with malicious intensions or not. Anyway, that is why don't get any answers
right now.
You definitly found a big hole, and I need to shut it before restarting the
server.
Will happen later today.
A restricted interpreter mode would be very valuable for this kind of
application, it should be much easier to just disallow some commands in
Otave.
Best regards,
Anders
MathCloud.se
Jaroslav Hajek-2 wrote:
>
> On Sun, Mar 14, 2010 at 12:15 PM, MathCloud <address@hidden>
> wrote:
>>
>> Hi Sören,
>>
>> The service is free to use, just sign up and give it a try. Right now
>> there
>> is still quite a few bugs but I hope to get rid of them soon. Also, the
>> user
>> interface will be improved.
>>
>> Major issues at this point:
>> - Does not work with firefox browser
>> - You can only plot from the command line, not in scripts
>> - You will only get the printing from your script after it has finished,
>> you
>> can't print to check progress.
>>
>> I will fix these problems as soon as possible.
>>
>> I am not sure what you mean by making the source code available? You mean
>> the code that implements the web interface? If so, that is not my
>> intention
>> at this point.
>>
>> I hope you will try this service and find it useful!
>>
>> Best regards,
>>
>> Anders
>> MathCloud.se
>>
>
>
> Hi,
>
> I just did some testing. I see you are now filtering system-related
> words like "system". There are still problems, though:
> 1. You seem to always simply filter the whole line. This forbids also
> harmless stuff like
> text = "I hate this system";
> 2. It's still not enough. For instance, I was able to call system by
> things like this:
> sys = ["sys", "tem"];
> feval (sys, "<any system command>")
>
> To combat this, you would need to also forbid feval and eval
> completely, but I think that's going to cripple the interpreter.
> The thing is that parsing the commands correctly is a complicated
> business. It would be much better if the potentially harmful calls
> were filtered directly in Octave, i.e. if Octave provided a
> "restricted" interpreter mode. What do you think?
>
>
> ps. apparently I screwed something up while trying, because I'm now
> getting the output
> fid = 4
> for any input I send. I hope you'll sort it out.
>
>
> --
> RNDr. Jaroslav Hajek, PhD
> computing expert & GNU Octave developer
> Aeronautical Research and Test Institute (VZLU)
> Prague, Czech Republic
> url: www.highegg.matfyz.cz
>
> _______________________________________________
> Help-octave mailing list
> address@hidden
> https://www-old.cae.wisc.edu/mailman/listinfo/help-octave
>
>
--
View this message in context:
http://old.nabble.com/Sharing-scripts-tp27847186p27901647.html
Sent from the Octave - General mailing list archive at Nabble.com.
- Re: Sharing scripts, (continued)
- Re: Sharing scripts, Jaroslav Hajek, 2010/03/11
- Re: Sharing scripts, Michael Creel, 2010/03/13
- Re: Sharing scripts, Søren Hauberg, 2010/03/13
- Re: Sharing scripts, MathCloud, 2010/03/14
- Re: Sharing scripts, Jaroslav Hajek, 2010/03/15
- Re: Sharing scripts,
MathCloud <=
- Re: Sharing scripts, Jaroslav Hajek, 2010/03/15
- Re: Sharing scripts, MathCloud, 2010/03/15
- Re: Sharing scripts, Jaroslav Hajek, 2010/03/15
- Re: Sharing scripts, Doug Stewart, 2010/03/15
- RE: Sharing scripts, dastew, 2010/03/15
- RE: Sharing scripts, MathCloud, 2010/03/15
- Re: Sharing scripts, Sergei Steshenko, 2010/03/15
- Re: Sharing scripts, Francesco Potortì, 2010/03/15
- Re: Sharing scripts, John W. Eaton, 2010/03/15
- Re: Sharing scripts, Søren Hauberg, 2010/03/19