help-octave

Re: Sharing scripts


From: Francesco Potortì
Subject: Re: Sharing scripts
Date: Mon, 15 Mar 2010 13:33:49 +0100

>I just did some testing. I see you are now filtering system-related
>words like "system". There are still problems, though:
>1. You seem to always simply filter the whole line. This forbids also
>harmless stuff like
>text = "I hate this system";
>2. It's still not enough. For instance, I was able to call system by
>things like this:
>sys = ["sys", "tem"];
>feval (sys, "<any system command>")
>
>To combat this, you would need to also forbid feval and eval
>completely, but I think that's going to cripple the interpreter.

I may be wrong, but filtering out commands is not the right way to go,
unless you are willing to also filter out "eval" and "feval".  Also,
this is not enough if you allow creating files and reading files for
execution.

As far as I can tell, the only way now (and simple enough) is to
redefine all system-related operations in the .octaverc script,
something like this (I had suggested it earlier, but maybe I was too
cryptic):

function unix (varargin)
  # Shadows the built-in; the first argument needs a colon to be taken as a message id
  error ("restricted:unix", "unix cannot be used on this system");
endfunction

-- 
Francesco Potortì (ricercatore)        Voice: +39 050 315 3058 (op.2111)
ISTI - Area della ricerca CNR          Fax:   +39 050 315 2040
via G. Moruzzi 1, I-56124 Pisa         Email: address@hidden
(entrance 20, 1st floor, room C71)     Web:   http://fly.isti.cnr.it/
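
Added example, not part of the original message and not the site's own code: a Python sketch of the filtering approaches discussed in the quoted text, run over a constructed sample based on the thread's snippets. The denylist, the function names and the "<command>" placeholder are assumptions.

```python
import re

# Assumed denylist; the site's real list is not shown in the thread.
BANNED = frozenset({"system", "unix", "dos", "popen", "exec"})

# Constructed sample: the two snippets quoted in the thread plus a direct call.
SAMPLE = '''text = "I hate this system";
sys = ["sys", "tem"];
feval (sys, "<command>")
system ("<command>")
'''

def naive_filter(script, banned=BANNED):
    """Whole-line filter: drop any line containing a banned word anywhere."""
    return [ln for ln in script.splitlines()
            if not any(word in ln for word in banned)]

# Simplification: only double-quoted literals are recognised.
STRING = re.compile(r'"(?:\\.|[^"\\])*"')
IDENT = re.compile(r'[A-Za-z_]\w*')

def token_filter(script, banned=BANNED):
    """Drop a line only when a banned word is an identifier outside strings."""
    kept = []
    for ln in script.splitlines():
        code = STRING.sub('""', ln)          # blank out string contents
        if not banned & set(IDENT.findall(code)):
            kept.append(ln)
    return kept

if __name__ == "__main__":
    print("naive :", naive_filter(SAMPLE))
    print("token :", token_filter(SAMPLE))
    # Forbidding feval/eval as well, the cost the quoted text warns about.
    print("strict:", token_filter(SAMPLE, BANNED | {"feval", "eval"}))
```

Ignoring string literals removes the false positive on the harmless assignment, but the indirect call still passes both filters because the function name only exists at run time. Only the strict variant drops it, and it does so by rejecting every use of feval.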

