[Rd] How to document man/*.Rd pages with images?
Hadley Wickham
hadley at rice.edu
Wed May 11 23:31:18 CEST 2011
> Oh, my ... it's worse than I thought. Not only does it run things so you have to wait forever - it actually installs packages behind your back! Wow, now there is the nightmare abuse of \Sexpr - the malicious package retrieves private data from your machine and deletes your files... and I was worrying about leaving a tiny crack open for Rhttpd injection attacks - yet there is a big gaping door open to all packages ... Does it mean we need more stringent checks on Rd files now as well since they contain code?
As long as you realise Rd files can run arbitrary R code, you're no
worse off than you were before Rd files could run code. No one is
checking that there's not a function in ggplot2 that secretly sends me
all your code and data ;)
Hadley
--
Assistant Professor / Dobelman Family Junior Chair
Department of Statistics / Rice University
http://had.co.nz/
More information about the R-devel
mailing list