[Rd] question

[Peter Dalgaard BSA]

Erich Neuwirth <erich.neuwirth@univie.ac.at> writes:

> here is another question (kurt already knows about it). i would like
> to do a client server version of R where the server can run on a
> unix box and the client is excel ond a win machine. the easiest
> solution would be running a stdin-stdout version of the server
> through inetd. but this is vulnerable. so what is needed is a
> sandbox version of the server, where no acrtive access to the file
> system is open and where spawning processes is disabled. are there
> any plans for doing such a version?

No immediate plans no.

It sounds a bit dangerous with dyn.load and whatnot floating around.
What would be more likely to work would be to have a version of R that
would immediately chroot() to a directory specified on the command
line and an inetd.conf entry like

auth stream  tcp nowait  nobody  \
   /usr/sbin/tcpd in.Rdaemon --chroot=/usr/lib/Rdaemon 

and setup /usr/lib/Rdaemon as a "chroot jail" with no write
permissions and /bin and /lib subdirectories with only the few system
commands and .so files needed to run (if there are any), and with an
/RHOME tree with packages and soforth. That way, it could do little
damage apart from eating CPU cycles. (Much like the way in which
anonymous FTP is set up).
-- 
   O__  ---- Peter Dalgaard             Blegdamsvej 3  
  c/ /'_ --- Dept. of Biostatistics     2200 Cph. N   
 (*) \(*) -- University of Copenhagen   Denmark      Ph: (+45) 35327918
~~~~~~~~~~ - (p.dalgaard@biostat.ku.dk)             FAX: (+45) 35327907
-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
r-devel mailing list -- Read http://www.ci.tuwien.ac.at/~hornik/R/R-FAQ.html
Send "info", "help", or "[un]subscribe"
(in the "body", not the subject !)  To: r-devel-request@stat.math.ethz.ch
_._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._