[Rd] locking down R

R. Michael Weylandt michael.weylandt at gmail.com
Mon May 20 00:08:31 CEST 2013


On Sun, May 19, 2013 at 7:16 PM, Ben Bolker <bbolker at gmail.com> wrote:
>
>   Is anyone on this list aware of discussions about locking down/securing R?
>
>   My colleagues and I are working with health statistics in an office
> that disallows many useful tools (e.g. emacs, vim, perl, make) on the
> grounds that they represent a security risk.  We are considering pushing
> back, but we are worried that if we attract the attention of the Powers
> That Be to the reality that R allows execution of arbitrary shell
> commands, they will then disallow the use of R (SAS and Stata are our
> other optiona). It might be useful to be able to give them options for
> securing R.
>
>   Possibly useful information:
>
> * the office allows use of SAS (and Stata, MLWiN, etc.) but uses the
> NOXCMD specification to prevent shell access from within SAS. They also
> disallow access to the Windows shell (in the current configuration,
> shell() works fine from within R, but we think this may have escaped
> their notice ...) The workstations have no access to external networks,
> nor to external media (thumb drives etc.) [information transfer to the
> outside world is via shared drives that can be accessed by
> administrators with network access].
>
> * I stipulate that (1) the security policies don't make sense, (2)
> allowing users access to arbitrary shell commands should _not_ represent
> a security risk on a well-administered, modern operating system (they're
> running WinXP), (3) R probably offers many other avenues for system
> access to a malicious user, even in the absence of shell access,
> compilers, etc..

If you really mean a "modern operating system"... ;-)

http://arxiv.org/abs/1303.4808

Cheers,
MW

>
> * I suspect the answer given here will be "if you really want to secure
> R, run it within a standard restricted-access shell (e.g. chroot on a
> Linux system)".  If anyone has experience of 'locking down' R on Windows
> (XP) in a sensitive environment, I'd be curious about the details.
>
>  thanks
>   Ben Bolker
>
> ______________________________________________
> R-devel at r-project.org mailing list
> https://stat.ethz.ch/mailman/listinfo/r-devel



More information about the R-devel mailing list