[Rd] Scanning a R script for potentially insidious commands
Simon Urbanek
simon.urbanek at r-project.org
Wed Dec 19 18:12:07 CET 2012
On Dec 19, 2012, at 11:21 AM, Gabriel Becker wrote:
> See also: https://github.com/Rapporter/sandboxR
>
> sandboxR (not written by me) is a proof of concept for security inside R
> (as opposed to security outside R as discussed above) via evaluating all R
> commands in a specialized security environment (R environment that is)
> which contains safe replacements for blacklisted functions.
>
It is a good example of false security. For the reasons mentioned before, this doesn't work and can be circumvented:
> sandbox("XXXX('tail /etc/group')")
_developer:*:204:
_locationd:*:205:
_carddav:*:206:
_detachedsig:*:207:
_trustevaluationagent:*:208:
_odchpass:*:209:
_timezone:*:210:
_lda:*:211:
_cvms:*:212:
_usbmuxd:*:213:
[1] 0
The problem is that you can try to plug holes (and sandboxR is trying hard to plug a lot of them), but there will always be new ones. It's simply the wrong approach IMHO.
Cheers,
Simon
> HTH,
> ~G
>
>
>
> On Wed, Dec 19, 2012 at 5:33 AM, Dirk Eddelbuettel <edd at debian.org> wrote:
>
>>
>> Jeroen has a package devoted to the sandboxing approach in conjunction with
>> the system-level AppArmor facility: RAppArmor. See
>>
>> http://cran.r-project.org/web/packages/RAppArmor/index.html
>>
>> and more details at
>>
>> https://github.com/jeroenooms/RAppArmor#readme
>>
>> Dirk
>>
>> --
>> Dirk Eddelbuettel | edd at debian.org | http://dirk.eddelbuettel.com
>>
>> ______________________________________________
>> R-devel at r-project.org mailing list
>> https://stat.ethz.ch/mailman/listinfo/r-devel
>>
>
>
>
> --
> Gabriel Becker
> Graduate Student
> Statistics Department
> University of California, Davis
>