Re: [Gretl-users] shell_ok question
On Fri, 9 Oct 2015, Allin Cottrell wrote:
On Fri, 9 Oct 2015, oleg_komashko(a)ukr.net wrote:
> Dear all,
> The User's guide says that
> shell_ok on/off are in the GUI
> for security issues.
> What are typical dangers?
Maybe not very likely, but for example
! rm -rf /
If a gretl user has root privileges that would trash the hard drive. Or
! rm -rf ~/
even without root privileges would totally destroy the user's filespace.
The shell is powerful! To date we have no evidence of malicious gretl
scripts being distributed, but we'd rather not wait for a disaster to occur
before imposing some default limitations.
And this is also why we ought to keep an eye on what function packages
contain. I'm not saying that people would inject malicious code on purpose
into a function package, but unintended potentially harmful stuff, yes,
especially if we allow unrestricted foreign blocks in function packages.
-------------------------------------------------------
Riccardo (Jack) Lucchetti
Dipartimento di Scienze Economiche e Sociali (DiSES)
Università Politecnica delle Marche
(formerly known as Università di Ancona)
r.lucchetti(a)univpm.it
http://www2.econ.univpm.it/servizi/hpp/lucchetti
-------------------------------------------------------