[Rd] locking down R

Barry Rowlingson b.rowlingson at lancaster.ac.uk
Mon May 20 10:42:50 CEST 2013

On Sun, May 19, 2013 at 7:16 PM, Ben Bolker <bbolker at gmail.com> wrote:
>The workstations have no access to external networks,
> nor to external media (thumb drives etc.) [information transfer to the
> outside world is via shared drives that can be accessed by
> administrators with network access].
> * I stipulate that (1) the security policies don't make sense,

 Correct. If the machines aren't on an external network and have no
removable media then this isn't about security from the outside
hacker, its about trust. The organisation does not trust YOU.

> allowing users access to arbitrary shell commands should _not_ represent
> a security risk on a well-administered, modern operating system (they're
> running WinXP),

 When does WinXP go out of support? Even so, the PC isn't on the
network right? So what's the security issue? Doesn't make sense. You
can't stomp on other people's files. Would it matter if you could
accidentally see other people's files because they set permissions
loosely? How compartmentalised are the projects?

 (3) R probably offers many other avenues for system
> access to a malicious user, even in the absence of shell access,
> compilers, etc..

 The 'malicious user' here is on the inside. The only way to get on
the machine is to be physically there? Then a malicious user can only
be a trusted user gone bad. A sufficiently malicious user with
hardware access can (nearly) always break the thing open and get at
the data (even if it comes down to reading data lines with a tap to
get at unencrypted streams). Tell the security guys they need to lock
the PCs up in a room and provide thin client access over a secure
private network at once. Enjoy your new Windows Client Access License

 Glad I don't work for someone like that.


More information about the R-devel mailing list