I am always preparing me Sage "University wide" server..
I think I have a big security problem:
Sage create users (looking for this in my ldap server, but this changes
nothing from a public server where every one can create an account).
One an account is created, I can access and *destroy* all other
accounts; it is sufficient for this to log in on the notebook, then to
launch the python interpreter; at is point I can do:
system('ls -l /scratch/sage/.sage/sage_notebook/worksheets/')
and worse:
system('rm -rf /scratch/sage/.sage/sage_notebook/worksheets/foo')
Mmmpf...
Is there any way to avoid this ?
Yours
t.d.
--~--~---------~--~----~------------~-------~--~----~
To post to this group, send email to sage-support@googlegroups.com
To unsubscribe from this group, send email to
sage-support-unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/sage-support
URLs: http://www.sagemath.org
-~----------~----~----~----~------~----~------~--~---
begin:vcard
fn:Thierry Dumont
n:Dumont;Thierry
org;quoted-printable;quoted-printable:Universit=C3=A9 Lyon 1 & CNRS.;Institut Camille Jordan -- Math=C3=A9matiques / Mathematics.
adr:;;43 Bd du 11 Novembre.;Villeurbanne;;69621;France
email;internet:tdum...@math.univ-lyon1.fr
title;quoted-printable:Ing=C3=A9nieur de Recherche / Research Engineer.
tel;work:04 72 44 85 23.
tel;fax:04 72 44 80 53
x-mozilla-html:FALSE
url:http://math.univ-lyon1.fr/~tdumont
version:2.1
end:vcard
