On Sat, Oct 20, 2012 at 10:18 PM, Yihui Xie <x...@yihui.name> wrote: > I do not see an obvious approach to solve this issue except > documenting the potential security problem in the manual. It exists in > all R-related applications, including R packages. I have seen people > collecting keywords like system() and file.remove(), but that is > apparently far from a perfect solution. Education is probably the only > way...
You mean searching the chunk for the word "system"? I agree that it would be useless: first <- "sy" second <- "stem" do.call(paste(first,second,sep=""),list(command="echo I still have access >> tempfile.txt")) What if knitr overrides the "system" function before processing the chunk? My guess is that it's not a good idea: there is probably a way around it, there are many other functions that would need to be blacklisted and overridden, and it would probably cause more bugs than security. But I wanted to throw it out there. Thanks, Scott > > Regards, > Yihui > -- > Yihui Xie <xieyi...@gmail.com> > Phone: 515-294-2465 Web: http://yihui.name > Department of Statistics, Iowa State University > 2215 Snedecor Hall, Ames, IA > > > On Sat, Oct 20, 2012 at 8:51 PM, Scott Kostyshak <skost...@lyx.org> wrote: >> I do not see knitr and Sweave security discussed anywhere. The >> Customization guide has 5 paragraphs on security regarding external >> templates. >> >> For example, someone could post a .lyx file asking for help that >> contains malicious code. I don't always check the list of modules that >> a document has and sometimes it might be hard to go through the entire >> file looking at the chunks of code (which might not stand out since >> they can be collapsed) before compiling. Using R's "system" command, >> one can run arbitrary commands, downloading/uploading or deleting >> information. >> >> In the external template support, measures are taken to restrict the >> access that the user has to the shell. >> >> I do not see any options that Rscript can accept to provide more security. >> >> Any thoughts as far as improving security, warning the user, or >> documentation? >> >> Thanks, >> >> Scott
