Re: [Gretl-users] shell_ok question

Am 10.10.2015 um 09:51 schrieb Riccardo (Jack) Lucchetti: > On Fri, 9 Oct 2015, Allin Cottrell wrote: >> >> The shell is powerful! To date we have no evidence of malicious gretl >> scripts being distributed, but we'd rather not wait for a disaster to >> occur before imposing some default limitations. > > And this is also why we ought to keep an eye on what function packages > contain. I'm not saying that people would inject malicious code on > purpose into a function package, but unintended potentially harmful > stuff, yes, especially if we allow unrestricted foreign blocks in > function packages. > Interesting point; maybe we should introduce an automatic check if a contributed user package contains a shell command "!" or uses the remove() function or something like that. (With "check" I don't mean at runtime, but at contribution time.) cheers, sven _______________________________________________ Gretl-users mailing list Gretl-users(a)lists.wfu.edu http://lists.wfu.edu/mailman/listinfo/gretl-users