[R] registry vulnerabilities in R

Bert Gunter gunter.berton at gene.com
Wed May 9 20:23:04 CEST 2012


Thanks Rich and Paul:

This gets back to my original comment in this thread. I believe that
CRAN repositories simply rely on whatever security software (malware
checking, etc.) that the hosts provide; R/CRAN do nothing, as you
said. This results in a whole new and almost certainly wholly
impracticable level of security protection to validate, so it is
doubtful that anything can be done to address the concerns. Again, as
you said.

As always, authoritative (dis?)confirmation by R Core experts
required to validate my statement.

-- Bert



On Wed, May 9, 2012 at 11:10 AM, Richard M. Heiberger <rmh at temple.edu> wrote:
> I spoke to someone in the military who did some investigation.
> This is his response
>
>>> 1.  I'm sorry that I don't have anything good to report. The military is
>>> cautious with its networks and I'm no longer able to use R at work.  I
>>> don't know anything about this registry issue but the show stopper for me
>>> even trying to get R on the military network is CRAN. All that r-project
>>> checks on contributed applications is if they load (or compile as
>>> necessary) cross-platform. I could make an argument for the security of the
>>> Core functionality of R but not for the contributed packages.
>
>
> On 5/8/12, Paul Martin <pamartin at alum.mit.edu> wrote:
>>
>>    Kirtland Air Force Base has denied approval for the use of R on its
>>    Windows network. Some of their objections seem a bit strange, but some
>>    appear to be legitimate. In particular, they have detected registry
>>    "vulnerabilities" which are detailed in the attachment.
>>    I know nothing about Windows registry vulnerabilities. If any of these
>>    issues are legitimate concerns, I would like to see them fixed for
>>    everyone's benefit. I would appreciate a referral to the appropriate
>>    forum for this information. I am willing to assist in getting questions
>>    answered and gathering additional information.
>>    Thank you,
>>    Paul Martin
>>    Air Force Research Laboratory
>>    Kirtland Air Force Base
>>    Albuquerque, New Mexico
>>
>



-- 

Bert Gunter
Genentech Nonclinical Biostatistics

Internal Contact Info:
Phone: 467-7374
Website:
http://pharmadevelopment.roche.com/index/pdb/pdb-functional-groups/pdb-biostatistics/pdb-ncb-home.htm


