Re: [Gretl-users] shell_ok question
Am 10.10.2015 um 09:51 schrieb Riccardo (Jack) Lucchetti:
On Fri, 9 Oct 2015, Allin Cottrell wrote:
>
> The shell is powerful! To date we have no evidence of malicious gretl
> scripts being distributed, but we'd rather not wait for a disaster to
> occur before imposing some default limitations.
And this is also why we ought to keep an eye on what function packages
contain. I'm not saying that people would inject malicious code on
purpose into a function package, but unintended potentially harmful
stuff, yes, especially if we allow unrestricted foreign blocks in
function packages.
Interesting point; maybe we should introduce an automatic check if a
contributed user package contains a shell command "!" or uses the
remove() function or something like that.
(With "check" I don't mean at runtime, but at contribution time.)
cheers,
sven