Disabling dangerous commands

[Thomas Karpiniec]

Hi folks,

I'm trying to come up with a way of disabling commands such as
system(), fopen(), plot(), dlmwrite(), etc., which can spawn
subprocesses or interact with the rest of the system.

The reason I want to do this is that I have written an octave IRC bot
for GNU/Linux which allows you to do maths in-channel by forwarding
the input to an octave process and reading results back out to the
channel. Obviously I need to somehow lock it down so that users can't
wreak havoc on my system via octave. :)

I'm open to broader suggestions but my current feeling is that a list
of restricted commands within octave would provide the best
protection. I've searched online and through the manual and I haven't
been able to find a way to do that.

I could always patch octave, of course. Does anyone know if there is
a neater way?

Regards,

Tom

signature.asc
Description: Digital signature