[R] registry vulnerabilities in R

Gabor Grothendieck ggrothendieck at gmail.com
Wed May 9 20:04:16 CEST 2012


On Wed, May 9, 2012 at 12:46 PM, Paul Martin <pamartin at alum.mit.edu> wrote:
> I don't have much new to add, but I want to make some clarifying comments:
>
> First, there are clearly workarounds available. I am using one now. R is
> installed on a personal laptop which I bring to work every day. I take
> extreme care with the nature of the files I move back and forth, and none of
> this is classified. This is common practice here. Yes, it would be nice if I
> could get R onto my desktop machine at work. It would save me burning CDs to
> move plots back and forth. But it's not the end of the world. My ability to
> get work done is not the issue here.
>
> The issue is the following: Is there anything here which is of concern to the
> R community? I suspect the answer is no, but cannot say anything for sure at
> this point.
>
> The registry analysis tool looks like it is custom software developed by the
> Air Force. I can't get any specific information beyond that. That is
> unfortunate, since it would be nice if the tests could be duplicated and
> confirmed.
>
> We will get separate tests on R without RStudio.
>
> The registry analysis reports results in two sections: Registry entries
> added and registry entries modified. There were no vulnerabilities found in
> the "entries modified" section. All of the vulnerabilities are listed under
> "entries added".
>

During the installation process it's only the installer that sets any
registry values, not R itself.

Using the standard installer that comes with R it asks you whether you
want to save version numbers in the registry and whether you want to
create an association for RData files.  If you uncheck those then the
installation does not set any registry values.

        --
Statistics & Software Consulting
GKX Group, GKX Associates Inc.
tel: 1-877-GKX-GROUP
email: ggrothendieck at gmail.com


