[R] Restricting R session

Thomas Lumley tlumley at uw.edu
Wed Jan 11 23:29:05 CET 2012


2012/1/12 Uwe Ligges <ligges at statistik.tu-dortmund.de>:
>
>
> On 10.01.2012 20:30, Antonio Rodriges wrote:
>>
>> Hello,
>>
>> Is it possible to use R on public server where each user has its own
>> restricted R session?
>
>
> This entirely depends on the definition of "restricted", otherwise the
> answer is "yes".

More precisely, there are several packages that could provide separate
sessions, such as Rserve and rApache.

It used to be possible to impose memory-use limits on the R heap
itself from R, but this didn't restrict malloc() allocation from C
code. These are deprecated now (see ?Memory) and OS-based restrictions
are recommended.  It has never been possible to restrict disk or CPU
usage from inside R, and it's hard to see how R could do this more
portably than the OS.

You can probably disable functions by removing the R source code and
the entry point definition in src/main/names.c, but most of the
objectionable functions are likely to be necessary for R itself to
run.  There isn't any way to have them usable only by system code.
You can't even reliably screen user code to make sure it doesn't use
the functions, if you consider the possibilities raised by parse() and
eval().

Even if you could disable functions that load compiled code or access
the operating system, you can't stop users passing invalid data to
compiled code via C.  It would be unwise to assume that there are any
limits to how this can be misused, beyond what the OS memory
management provides.

Securing the use of R probably has to be done outside R itself:
control access via something like ssh, use ulimit to limit resources,
and if you have to deal with potentially malicious users, run in a
chroot jail.

    -thomas

-- 
Thomas Lumley
Professor of Biostatistics
University of Auckland
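
The ulimit approach recommended in the message above, as an added example that is not part of the original post: a POSIX sh wrapper that applies CPU, address-space and file-size limits in a subshell before exec'ing the command, so the limits also cover malloc() from compiled code. The function name `run_limited`, the limit values and `user_script.R` are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): run one command under
# per-process OS resource limits, as an R front end on a shared host might.
#
# usage: run_limited CPU_SECONDS MEM_KB FSIZE_BLOCKS command [args...]
# e.g.:  run_limited 60 1048576 20480 Rscript --vanilla user_script.R
#        (user_script.R is a hypothetical user-supplied file)
run_limited() {
    if [ "$#" -lt 4 ]; then
        echo "usage: run_limited CPU_SECONDS MEM_KB FSIZE_BLOCKS command [args...]" >&2
        return 2
    fi
    # Reject anything that is not a plain non-negative integer, so a typo
    # cannot silently turn into "unlimited".
    for n in "$1" "$2" "$3"; do
        case "$n" in
            ''|*[!0-9]*)
                echo "run_limited: limits must be non-negative integers" >&2
                return 2 ;;
        esac
    done
    (
        # Subshell: the limits bind this child and its descendants only.
        # Without -S or -H, ulimit sets soft and hard limits together, so
        # the child cannot raise them again.
        ulimit -t "$1" || exit 125   # CPU seconds
        ulimit -v "$2" || exit 125   # address space in KiB; unlike an
                                     # R-level heap cap this also bounds
                                     # malloc() from compiled code
        ulimit -f "$3" || exit 125   # largest file written (512- or
                                     # 1024-byte blocks, shell-dependent)
        ulimit -c 0    || exit 125   # no core dumps filling the disk
        shift 3
        exec "$@"
    )
}

# When invoked as a script with arguments, act as the wrapper itself.
if [ "$#" -gt 0 ]; then
    run_limited "$@"
fi
```

These limits are per process, not per user: they do not cap the number of processes or total disk usage, and they do not confine filesystem access, which is where the chroot jail mentioned above comes in.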
