[Rd] R in sandbox/jail (long question)
Assaf Gordon
assafgordon at gmail.com
Wed May 19 04:38:36 CEST 2010
Hello,
I have a setup similar to Rweb ( http://www.math.montana.edu/Rweb/ ):
I get R scripts from users and need to execute them in in a safe manner (they are executed automatically, without human inspection).
I would like to limit the user's script to reading from STDIN and writing to STDOUT/ERR.
Specifically, preventing any kind of interaction with the underlying operating system (files, sockets, system(), etc.).
I've found this old thread:
http://r.789695.n4.nabble.com/R-in-a-sandbox-jail-td921991.html
But for technical reasons I'd prefer not to setup a chroot jail.
I have written a patch that adds a "--sandbox" parameter.
When this parameter is used, the user's script can't create any kind of connection object or run "system()".
My plan is to run R like this:
cat INPUT | R --vanila --slave --sandbox --file SCRIPT.R > OUTPUT
Where 'INPUT' is my chosen input and 'SCRIPT.R' is the script submitted by the user.
If the script tries to create a conncetion or run a disabled function, an error is printed.
This is the patch:
http://cancan.cshl.edu/labmembers/gordon/files/R_2.11.0_sandbox.patch
So my questions are:
1. Would you be willing to consider this feature for inclusion ?
2. Are there any other 'dangerous' functions I need to intercept ( ".Internal" perhaps ?)
All comments and suggestions are welcomed,
thanks,
-gordon
More information about the R-devel
mailing list