Alfredo Braunstein wrote:
> It's more complicated than that, e.g.
>
> gnuplot> plot "<rm -rf /"

I could never imagine that gnuplot accepts even such an expression :o

> Maybe some solution involving a chroot?

Jean-Marc Lasgouttes wrote:
> The only good solution would be an execution mode of gnuplot that
> disables calls to system. Last time I checked, it did not exist.

For completeness, it seems there is no other workaround. It is really
sad that we have to give up this feature, as there will be many people
who are using gnuplot together with lyx or latex. I saw that some programs
like Excel pop up an alert when the user tries to open a spreadsheet
containing macros. Is it too risky to do the same thing? Say,

- Whenever gnuplot.py is called, it pops up an alert saying that
  it is exposing the system to some risk (and explaining it well)
  and urging the user to check the gnuplot code
- The gnuplot temporary file is made in a newly created directory
  and gnuplot is executed after chroot'ing there
- gnuplot.py stops executing if the user is using it with root
  privileges

I haven't checked the feasibility of the code, but once this is done, at
least files on the disk will not be modified. But of course, depending
on the privileges the user has, if malicious code is *carelessly*
executed, it may be able to do some weird things like shutting down the
computer or something else.

I'm not sure if this level of risk is acceptable or not...

Koji
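
As an added example (not part of the original message, and not LyX's gnuplot.py): a preflight for the steps proposed above that refuses to run as root, creates a private working directory, and lists the script lines the alert should show the user. It leaves out the chroot step, because chroot(2) itself requires root privileges, and the patterns are a review aid for the alert, not a filter that makes a script safe. All function names and the sample script are constructed for illustration, and a POSIX system is assumed.

```python
import os
import re
import tempfile

# Heuristic patterns for gnuplot constructs that hand text to a shell.
# A match means "show this line to the user", not "this line is malicious".
PATTERNS = [
    ("shell escape", re.compile(r"^\s*!")),             # !command
    ("system call", re.compile(r"\bsystem\b")),         # system "cmd" / system("cmd")
    ("backtick substitution", re.compile(r"`")),        # `command`
    ("piped file name", re.compile(r"""["']\s*[<|]""")),  # "<cmd" or "|cmd"
]

def find_shell_constructs(script):
    """Return (line number, kind, text) for each line worth showing the user."""
    hits = []
    for number, line in enumerate(script.splitlines(), start=1):
        for kind, pattern in PATTERNS:
            if pattern.search(line):
                hits.append((number, kind, line.strip()))
                break  # one report per line is enough for the alert
    return hits

def preflight(script, euid=None):
    """Decide what the wrapper should do before gnuplot is started."""
    euid = os.geteuid() if euid is None else euid
    if euid == 0:
        # Third bullet of the proposal: never run untrusted scripts as root.
        return {"action": "refuse", "reason": "running as root", "hits": []}
    # First bullet: always warn, and point at the lines to check first.
    return {"action": "warn", "reason": "user must review the script",
            "hits": find_shell_constructs(script)}

def make_workdir():
    """Second bullet (without chroot): fresh directory, mode 0700, for temp files."""
    return tempfile.mkdtemp(prefix="gnuplot-")

# Constructed sample script; it is only scanned here, never passed to gnuplot.
SAMPLE = '''set terminal png
plot "<rm -rf /"
plot sin(x) title "a < b"
!date
'''
```
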