2015-01-26 17:17 UTC+01:00, Jeroen Demeyer <[email protected]>: > On 2015-01-26 03:53, [email protected] wrote: >> I noticed that someone can execute system commands in a sage notebook >> server. >> For instance >> sage:import os >> sage:os.system('ifconfig') >> >> Is there any way to disable this? > No.
To tell a bit more, Sage is built over Python. So you can not prevent the user from using Python in other ways by modifying yourself the Python that is shipped with Sage. Concrete things you can do to forbid users from doing anything are: - run the notebook with a user with very few permissions (for examples, you could forbid the right to execute ifconfig) - run the notebook in a virtual machine or in docker I guess that it is a combination of boths that it is needed in large scales. But for small scales, the first option is quite reasonable. Vincent -- You received this message because you are subscribed to the Google Groups "sage-support" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/sage-support. For more options, visit https://groups.google.com/d/optout.
