[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Disabling dangerous commands
From: |
Francesco Potortì |
Subject: |
Re: Disabling dangerous commands |
Date: |
Mon, 31 May 2010 10:11:57 +0200 |
>> Use a virtual machine of your liking.
>
>Thanks for the suggestion -- it's a good one. However, keeping the
>physical machine safe is only half the story. Supposing I went further
>and set up octave in as small a chroot jail as I could with
>permissions set up so the octave process can't touch the disk there
>are still things like urlread() and urlwrite() which I'd like to
>block.
The suggestion was of using a virtual machine, for which you can block
the network connections. I do not think you can do the same with chroot.
>All of this would probably work quite well, but it's complicated to
>come at it from the perspective of "what are all the bad things a UNIX
>program could possibly do?". If I could block particular octave
>commands too then that would make me happier. If anyone can tell me a
>straightforward way to do that, that would be lovely. If not I'll
>carry on with some sort of OS-level-only solution.
There is no straightforward way. I may be wrong, but all these
solutions have been already discussed. The only possible way out seems
to be the virtual machine solution. Look at the thread that starts
here:
https://www-old.cae.wisc.edu/pipermail/help-octave/2010-March/018417.html
--
Francesco Potortì (ricercatore) Voice: +39 050 315 3058 (op.2111)
ISTI - Area della ricerca CNR Fax: +39 050 315 2040
via G. Moruzzi 1, I-56124 Pisa Email: address@hidden
(entrance 20, 1st floor, room C71) Web: http://fly.isti.cnr.it/