Re: Disabling dangerous commands

[Thomas Karpiniec]

On Sat, May 29, 2010 at 05:55:13AM -0700, Sergei Steshenko wrote:
> --- On Sat, 5/29/10, Thomas Karpiniec <address@hidden> wrote:
> > I could always patch octave, of course. Does anyone know if
> > there is
> > a neater way?
> 
> Use a virtual machine of your liking.

Thanks for the suggestion -- it's a good one. However, keeping the
physical machine safe is only half the story. Supposing I went further
and set up octave in as small a chroot jail as I could with
permissions set up so the octave process can't touch the disk there
are still things like urlread() and urlwrite() which I'd like to
block.

All of this would probably work quite well, but it's complicated to
come at it from the perspective of "what are all the bad things a UNIX
program could possibly do?". If I could block particular octave
commands too then that would make me happier. If anyone can tell me a
straightforward way to do that, that would be lovely. If not I'll
carry on with some sort of OS-level-only solution.

Regards,

Tom

signature.asc
Description: Digital signature