On Sun, Apr 18, 2004 at 07:42:29PM +0100, Angus Leeming wrote:
> On Sunday 18 April 2004 6:16 pm, Andre Poenitz wrote:
> > On Sun, Apr 18, 2004 at 05:03:55PM +0100, Angus Leeming wrote:
> > > > Gnuplot would be nice.
> > >
> > > But gnuplot allows the user to invoke the shell. It's not hard to
> > > imagine a script containing the line '!rm -rf $HOME/*'. Does it
> > > have a '-safer' mode so that we can render malicious scripts
> > > safe?
> >
> > Don't know. But without this option it would make Windows users
> > feel at home...
> >
> > I had a quick look at the gnuplot help system and did not find
> > anything suitable.
> 
> What we could do is write a gnuplot_wrapper.sh script that simply 
> substitutes all calls to the shell with a comment. Or 
> gnuplot_wrapper.py script if we're worried about our Win32 users. 
> Something as simple as (below) should do the trick, don't you think?

There's an explicit 'shell' command in gnuplot, too, and maybe 'save'
should be forbidden, too.

I wonder whether the better solution would be to ask the gnuplot people
to provide a 'secure' mode. The splash screen says:

  Send comments and requests for help to <[EMAIL PROTECTED]>
  Send bugs, suggestions and mods to <[EMAIL PROTECTED]>

Andre'
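
An added example, not part of the original message and not LyX or gnuplot code: a Python filter in the spirit of the `gnuplot_wrapper.py` idea quoted above, which comments out every line using one of the three constructs the thread names (`!`, `shell`, `save`). The function names and the sample script are constructed for illustration, and the filter is a denylist of those three constructs only.

```python
import re

# Denylist of only what the thread names: the '!' shell escape and the
# 'shell' and 'save' commands (assumption: nothing else is considered).
BLOCKED_WORDS = ("shell", "save")
# Constructed sample script; it is only parsed as text, never executed.
SAMPLE = 'set title "a;b"\n!rm -rf $HOME/*\nplot sin(x); shell\nsa\\\nve "x"\n'

def split_statements(line):
    """Split one gnuplot line on ';' found outside quoted strings."""
    parts, quote, escaped = [""], None, False
    for ch in line:
        if escaped:
            escaped = False
        elif quote == '"' and ch == "\\":
            escaped = True  # backslash escapes only inside "..."
        elif quote:
            quote = None if ch == quote else quote
        elif ch in "'\"":
            quote = ch
        elif ch == ";":
            parts.append("")
            continue
        parts[-1] += ch
    return parts

def blocked_reason(statement):
    """Return why a statement is blocked, or None if it is allowed."""
    stmt = statement.strip()
    if stmt.startswith("!"):
        return "shell escape"
    word = re.match(r"[A-Za-z]*", stmt).group(0).lower()
    # gnuplot accepts abbreviated commands, so refuse any prefix (conservative).
    for name in BLOCKED_WORDS:
        if word and name.startswith(word):
            return name + " command"
    return None

def neutralize(script):
    """Return (safe_script, findings); findings = [(logical_line, reason)]."""
    out, findings = [], []
    joined = re.sub(r"\\\r?\n", "", script)  # undo backslash continuations
    for number, line in enumerate(joined.splitlines(), start=1):
        reasons = [r for r in map(blocked_reason, split_statements(line)) if r]
        if reasons:
            findings.append((number, reasons[0]))
            line = "# blocked: " + line
        out.append(line)
    return "\n".join(out) + "\n", findings
```

Line numbers in the findings refer to logical lines, counted after backslash continuations are joined. The prefix match is deliberately strict, so a harmless statement beginning with `s`, `sh` or `sa` is also refused.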
