On Sunday 18 April 2004 6:16 pm, Andre Poenitz wrote:
> On Sun, Apr 18, 2004 at 05:03:55PM +0100, Angus Leeming wrote:
> > > Gnuplot would be nice.
> >
> > But gnuplot allows the user to invoke the shell. It's not hard to
> > imagine a script containing the line '!rm -rf $HOME/*'. Does it
> > have a '-safer' mode so that we can render malicious scripts
> > safe?
>
> Don't know. But without this option it would make Windows users
> feel at home...
>
> I had a quick look at the gnuplot help system and did not find
> anything suitable.

What we could do is write a gnuplot_wrapper.sh script that simply
substitutes all calls to the shell with a comment. Or
gnuplot_wrapper.py script if we're worried about our Win32 users.

Something as simple as (below) should do the trick, don't you think?

Angus

#! /bin/sh

# Expect exactly one argument: the gnuplot script to check.
test $# -eq 1 || exit 1

TMP=tmp.$$
# Replace the first '!' on each line with a comment character.
sed 's/!/#/' "$1" > "${TMP}"
# If nothing changed, the script never invoked the shell.
cmp -s "$1" "${TMP}" && {
    rm -f "${TMP}"
} || {
    echo "This script invokes the shell."
    echo "We can't guarantee that this call is safe, so have disabled it."
    # Replace the original with the sanitised copy.
    mv -f "${TMP}" "$1" || {
        cp -f "${TMP}" "$1"
        rm -f "${TMP}"
    }
}
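
The wrapper idea above as a Python sketch (an added example, not code from the original message or the project): it comments out only lines whose first non-blank character is `!`, so a `!` inside a title string or a `!=` comparison is left alone. It assumes that is the form gnuplot's shell escape takes and handles no other construct; the function names and the sample script are constructed for illustration.

```python
import os
import re
import shutil
import tempfile

# Assumption: a gnuplot shell escape is a line whose first non-blank
# character is '!'. Nothing else is filtered here.
SHELL_ESCAPE = re.compile(r"^([ \t]*)!")

# Constructed sample script; only line 3 is a shell escape.
SAMPLE = (
    'set title "Done!"\n'
    'plot sin(x) title "a != b"\n'
    '  !rm -rf $HOME/*\n'
    'f(x) = !x\n'
)


def neutralise(script_text):
    """Return (safe_text, disabled); disabled holds (line_no, original_line)."""
    lines = script_text.split("\n")
    disabled = []
    for i, line in enumerate(lines):
        if SHELL_ESCAPE.match(line):
            disabled.append((i + 1, line.rstrip("\r")))
            # Comment the line out rather than delete it, so line numbers in
            # later gnuplot error messages still match the user's file.
            lines[i] = SHELL_ESCAPE.sub(r"\1#", line, count=1)
    return "\n".join(lines), disabled


def neutralise_file(path):
    """Rewrite path in place only if a line was disabled; return that list."""
    # latin-1 round-trips every byte; newline="" keeps CRLF/LF untouched.
    with open(path, encoding="latin-1", newline="") as fh:
        safe, disabled = neutralise(fh.read())
    if disabled:
        # Unpredictable temp name in the same directory, then an atomic swap.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
        with os.fdopen(fd, "w", encoding="latin-1", newline="") as fh:
            fh.write(safe)
        shutil.copymode(path, tmp)
        os.replace(tmp, path)
    return disabled


if __name__ == "__main__":
    for line_no, text in neutralise(SAMPLE)[1]:
        print(f"line {line_no}: disabled shell call: {text.strip()}")
```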