Hi, I am trying to tighten file I/O security on a process that passes a user-supplied script to R CMD Batch. Broadly speaking, I'd like to restrict I/O to a designated path on the file system. Right now, I'm trying to address this in the R environment by forcing the script to use modified versions of scan, read.table, sys.load.image, etc.
I can run a replace string on the user-supplied script so that, for example, "scan(" is replaced by "safe.scan(" e.g.

> SafePath <- function(file) {fp<-strsplit(file,"/");paste("safepath",fp[[1]][length(fp[[1]])],sep="/")}
> SafePath("/etc/passwd")
[1] "safepath/passwd"
> Safe.scan <- function(file, ...) scan(SafePath(file),...)
> Safe.scan("/etc/passwd",what="",sep="\n")
Error in file(file, "r") : unable to open connection
In addition: Warning message:
cannot open file 'safepath/passwd', reason 'No such file or directory'

I'd appreciate any critique of this approach. Is there something more effective or elegant?

Regards,
Mike

______________________________________________
R-devel@r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-devel
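The wrapper idea from the post above, as an added example that is not part of the original message: it keeps the "last path component only" rule but also resolves the result and rejects it if it no longer sits directly inside the designated directory (for instance because the name is a symbolic link). The names `safe_root`, `confine_path` and `safe_scan` are hypothetical, and the directory and files are constructed under `tempdir()`.

```r
# Added example; safe_root, confine_path and safe_scan are hypothetical names.
safe_root <- file.path(tempdir(), "safepath")        # constructed sandbox directory
dir.create(safe_root, showWarnings = FALSE)

confine_path <- function(file, root = safe_root) {
  if (!is.character(file) || length(file) != 1L || is.na(file))
    stop("file must be a single string")
  # Keep only the final component, treating "\" and "/" both as separators.
  leaf <- basename(gsub("\\", "/", file, fixed = TRUE))
  if (leaf %in% c("", ".", ".."))
    stop("no usable file name in: ", file)
  root_real <- normalizePath(root, winslash = "/", mustWork = TRUE)
  # Resolve symbolic links; a file that does not exist yet is returned as given.
  resolved <- normalizePath(file.path(root_real, leaf),
                            winslash = "/", mustWork = FALSE)
  # The resolved file must still be a direct child of the designated directory.
  if (dirname(resolved) != root_real)
    stop("path resolves outside ", root_real, ": ", file)
  resolved
}

# Same shape as Safe.scan in the post, with the stricter resolver.
safe_scan <- function(file, ...) scan(confine_path(file), ...)

# Constructed sample input: one file inside the sandbox.
writeLines(c("alpha", "beta"), file.path(safe_root, "data.txt"))

# A path pointing elsewhere is reduced to its file name inside the sandbox.
print(safe_scan("/some/other/dir/data.txt", what = "", sep = "\n", quiet = TRUE))

# Constructed failure case: a link inside the sandbox whose target is outside it.
outside <- tempfile("outside_")
writeLines("not for the script", outside)
link <- file.path(safe_root, "link.txt")
if (file.symlink(outside, link)) {
  res <- try(confine_path("link.txt"), silent = TRUE)
  print(inherits(res, "try-error"))   # TRUE when the link was rejected
  unlink(link)
}
```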