Re: Disabling dangerous commands

[Francesco Potortì]

>> Use a virtual machine of your liking.
>
>Thanks for the suggestion -- it's a good one. However, keeping the
>physical machine safe is only half the story. Supposing I went further
>and set up octave in as small a chroot jail as I could with
>permissions set up so the octave process can't touch the disk there
>are still things like urlread() and urlwrite() which I'd like to
>block.

The suggestion was of using a virtual machine, for which you can block
the network connections.  I do not think you can do the same with chroot.

>All of this would probably work quite well, but it's complicated to
>come at it from the perspective of "what are all the bad things a UNIX
>program could possibly do?". If I could block particular octave
>commands too then that would make me happier. If anyone can tell me a
>straightforward way to do that, that would be lovely. If not I'll
>carry on with some sort of OS-level-only solution.

There is no straightforward way.  I may be wrong, but all these
solutions have been already discussed.  The only possible way out seems
to be the virtual machine solution.  Look at the thread that starts
here:

https://www-old.cae.wisc.edu/pipermail/help-octave/2010-March/018417.html

-- 
Francesco Potortì (ricercatore)        Voice: +39 050 315 3058 (op.2111)
ISTI - Area della ricerca CNR          Fax:   +39 050 315 2040
via G. Moruzzi 1, I-56124 Pisa         Email: address@hidden
(entrance 20, 1st floor, room C71)     Web:   http://fly.isti.cnr.it/