On 6/29/11 8:20 AM, kcrisman wrote:
On Jun 29, 9:00 am, Jason Grout<[email protected]> wrote:
On 6/29/11 2:11 AM, Rolf wrote:
This is very strange.
There is something hidden in Seberino's worksheets that prevents them
from being executed automatically.
First I thought it is the comment added above the first cell. But his
new example demonstrates that this is obvious not core of the problem.
Both his example woksheets don't work on my system either, but if I
transfer all that is visible to a new worksheets the code works
perfectly.
Unfortunately, it is impossible to debug a worksheet or to read it
'manually' as a text file.
I wonder if it is possible to send viruses by worksheets?
I'm sure this is possible. For example, it would be trivial to write a
worksheet that does 'rm -rf $HOME' inside an autoexecute cell. If that
worksheet was downloaded and opened on a user's local computer, it would
be very bad.
But wouldn't that ordinarily require a sudo and password? I mean
under permissions that 'most' people have. Now you have me wary of
downloading worksheets...
Nope. If someone is running a worksheet on their personal Sage install,
it runs as themselves. Notice I didn't type "sudo" in the command
above. All I'm doing is deleting the entire home directory.
You *should* be wary of downloading untrusted worksheets and executing
them on your personal Sage install. You're executing arbitrary code
from untrusted sources.
Apparently we should implement this "don't execute uploaded worksheets
by default" and advertise this warning better.
Thanks,
Jason
--
To post to this group, send an email to [email protected]
To unsubscribe from this group, send an email to
[email protected]
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
