New option --sandbox (disables r/w/e commands)

[Assaf Gordon]

Hello,

I'd like to suggest a new option to sed: "sandbox" mode.
When used, programs containing the r/w/e commands are rejected without being 
run.
This ensures that sed operates only on the file specified on the command-line, 
and cannot affect the system.

Some background:
This feature is useful (in fact, required) when sed is used as web-based 
service, in which users can specify the sed script they want to execute on a 
given file.
Such a scenario is available in a commonly-used bioinformatics web-based 
platform called "Galaxy" ( https://galaxyproject.org ).
Galaxy allows non-technically-savvy users to upload files, and run multitude of 
programs on these files.
Among these programs, 'sed' and 'awk' and 'grep':
  http://files.housegordon.org/imgs/galaxy-awk-tool.png
  http://files.housegordon.org/imgs/galaxy-sed-tool.png
  http://files.housegordon.org/imgs/galaxy-grep-tool.png
or to see it in action, visit https://usegalaxy.org/ and enter 'sed/awk/grep' 
in the "search tools" box.


An identical option was added to GNU Awk in 2008
( in 
http://git.savannah.gnu.org/cgit/gawk.git/commit/?id=40b3741f63c19e38077d57f4ce4737916ec5073e
 ,
  search the log message for "sandbox" from 30-Dec-2008 ).

I suggested this option to sed off-list back in the day, but did not follow-up 
on it (and sed's development has stalled for a while). So I've been maintaining 
a separate patch against sed-4.1.5 and sed-4.2.2 since then.

I hope the code changes are minimal enough to be weighted positively against 
the extra 'bloat'.

comments and suggestions welcomed.
regards,
 - assaf

This electronic message is intended for the use of the named recipient only, 
and may contain information that is confidential, privileged or protected from 
disclosure under applicable law. If you are not the intended recipient, or an 
employee or agent responsible for delivering this message to the intended 
recipient, you are hereby notified that any reading, disclosure, dissemination, 
distribution, copying or use of the contents of this message including any of 
its attachments is strictly prohibited. If you have received this message in 
error or are not the named recipient, please notify us immediately by 
contacting the sender at the electronic mail address noted above, and destroy 
all copies of this message. Please note, the recipient should check this email 
and any attachments for the presence of viruses. The organization accepts no 
liability for any damage caused by any virus transmitted by this email.

0001-sed-new-S-sandbox-option.patch
Description: 0001-sed-new-S-sandbox-option.patch

ATT00001.txt
Description: ATT00001.txt