lists at mwoywod.de
2012-Feb-20 17:17 UTC
[R] Disabling shell access through system() possible?
Hi! I'm deploying R behind a web-app on a linux-server and I don't want to grant the users shell access through the system() function for security reasons. Is there any safe way to deny a user access to the function? I tried a) alter the function in the R-Sources before compiling them. Doesn't seem to work because system() is apparently needed during the build. b) Redefine system() in the global Rprofile. Leads to of course to some warning messages at any session start and feels generally kludgy and unsafe. Best Regards M.W.
On Mon, Feb 20, 2012 at 06:17:23PM +0100, lists at mwoywod.de wrote:> Hi! I'm deploying R behind a web-app on a linux-server and I don't want > to grant the users shell access through the system() function for > security reasons. > > Is there any safe way to deny a user access to the function?Hi. Disabling system() is not sufficient. The user may call directly .Internal(system(, )) Other dangerous things may be opening connections with write access or manipulation with files. In particular, pipe() can also run a command. It could be better to run R under a user name with restricted permissions. Petr Savicky.