[R] registry vulnerabilities in R
Paul Martin
pamartin at alum.mit.edu
Wed May 9 18:46:03 CEST 2012
I don't have much new to add, but I want to make some clarifying comments:
First, there are clearly workarounds available. I am using one now. R is
installed on a personal laptop which I bring to work every day. I take
extreme care with the nature of the files I move back and forth, and
none of this is classified. This is common practice here. Yes, it would
be nice if I could get R onto my desktop machine at work. It would save
me burning CDs to move plots back and forth. But it's not the end of the
world. My ability to get work done is not the issue here.
The issue is the following: Is there anything her which is of concern to
the R community? I suspect the answer is no, but cannot say anything for
sure at this point.
The registry analysis tool looks like it is custom software developed by
the Air Force. I can't get any specific information beyond that. That is
unfortunate, since it would be nice if the tests could be duplicated and
confirmed.
We will get separate tests on R without RStudio.
The registry analysis reports results in two sections: Registry entries
added and registry entries modified. There were no vulnerabilities found
in the "entries modified" section. All of the vulnerabilities are listed
under "entries added".
I will let you know if I find out anything else. Certainly the isolated
test of the R software without RStudio will be of interest.
Thank you all or your comments,
Paul Martin
On 5/9/2012 10:00 AM, Barry Rowlingson wrote:
>>> Someone said:
>>> Once R is accepted, you could ask for an RStudio test if you want.
> I had another thought shortly after my initial email. Suppose yes, R
> is accepted. Great. You run R.
>
> Then you think, "Oh, I need ggplot2" (yes you do). Do you then have
> to get security clearance for every package you want to download from
> CRAN?
>
> Barry
>
More information about the R-help
mailing list