[Rd] R in sandbox/jail (long question)

Duncan Murdoch murdoch.duncan at gmail.com
Wed May 19 04:50:21 CEST 2010


On 18/05/2010 10:38 PM, Assaf Gordon wrote:
> Hello,
>
> I have a setup similar to Rweb (  http://www.math.montana.edu/Rweb/ ):
> I get R scripts from users and need to execute them in a safe manner (they are executed automatically, without human inspection).
>
> I would like to limit the user's script to reading from STDIN and writing to STDOUT/ERR.
> Specifically, preventing any kind of interaction with the underlying operating system (files, sockets, system(), etc.).
>
> I've found this old thread:
> http://r.789695.n4.nabble.com/R-in-a-sandbox-jail-td921991.html
> But for technical reasons I'd prefer not to setup a chroot jail.
>
> I have written a patch that adds a "--sandbox" parameter.
> When this parameter is used, the user's script can't create any kind of connection object or run "system()".
>   

That sounds too restrictive.  R uses connections internally in various 
places, with no reference to the file system.  It also uses them when 
reading its own files.  So if you stop a user from creating connections, 
you'll somehow need to distinguish between user-created ones and 
internally necessary ones:  not easy.


> My plan is to run R like this:
> cat INPUT | R --vanilla --slave --sandbox --file SCRIPT.R > OUTPUT
>
> Where 'INPUT' is my chosen input and 'SCRIPT.R' is the script submitted by the user.
> If the script tries to create a connection or run a disabled function, an error is printed.
>
> This is the patch:
> http://cancan.cshl.edu/labmembers/gordon/files/R_2.11.0_sandbox.patch
>
> So my questions are:
> 1. Would you be willing to consider this feature for inclusion?
> 2. Are there any other 'dangerous' functions I need to intercept (".Internal" perhaps?)
>   

.Internal is needed by tons of base functions.  So again, you'll need to 
distinguish where the call is coming from, and that's not easy.

Duncan Murdoch
> All comments and suggestions are welcomed,
> thanks,
>    -gordon
>
> ______________________________________________
> R-devel at r-project.org mailing list
> https://stat.ethz.ch/mailman/listinfo/r-devel
>
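To put a number on Duncan's point about how much of base R relies on .Internal and on connection constructors, here is an added check (example code, not from the thread or from the sandbox patch). It assumes only a stock R session; the match is textual (a call name followed by "(" in the deparsed body), so it is an approximation that counts direct calls only and misses anything reached through another function.

```r
# Added example: estimate how many base R functions call .Internal or a
# connection constructor directly. Blocking those wholesale, as a --sandbox
# switch would, breaks every one of these callers. Textual matching on the
# deparsed body is an approximation (direct calls only). Stock base R only.

# Constructors that yield a connection object; socketConnection is the one
# that reaches the network, file/pipe/fifo reach the file system or a shell.
connection_ctors <- c("file", "url", "gzfile", "bzfile", "xzfile", "unz",
                      "pipe", "fifo", "socketConnection", "textConnection",
                      "rawConnection")

# TRUE when the deparsed body of a closure contains a call matching `pattern`.
# Primitives have no R-level body, so they are skipped (counted as FALSE).
calls_any <- function(fn, pattern) {
  if (!is.function(fn) || is.primitive(fn)) return(FALSE)
  grepl(pattern, paste(deparse(body(fn)), collapse = "\n"))
}

# Name must be preceded by a non-identifier character (or line start) and
# followed by "(", so a variable merely named `file` is not counted.
internal_pat <- "\\.Internal\\("
conn_pat <- paste0("(^|[^[:alnum:]._])(",
                   paste(connection_ctors, collapse = "|"), ")\\(")

# Every function bound in the base environment, including dot-names.
base_objs <- mget(ls(baseenv(), all.names = TRUE), envir = baseenv())
base_fns  <- Filter(is.function, base_objs)

# Print a one-line summary and return the matching function names invisibly.
report <- function(label, pattern) {
  hits <- names(base_fns)[vapply(base_fns, calls_any, logical(1),
                                 pattern = pattern)]
  cat(sprintf("%-18s %4d of %d base functions, e.g. %s\n", label,
              length(hits), length(base_fns),
              paste(head(sort(hits), 6), collapse = ", ")))
  invisible(hits)
}

internal_users <- report(".Internal(...)", internal_pat)
conn_users     <- report("connection ctors", conn_pat)
```

The two lists are what a sandbox that intercepts these calls would have to distinguish from user code; anything in `conn_users` that a script needs (reading STDIN via `file("stdin")`, for instance) has to keep working while the same constructor is denied to the user.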