Dear Riccardo,
May be, I begin to understand your point
I'd like to add several items
I never intended to upload the package contained
the shell command
I even feared to upload it to e-disk I use
for my course materials before Allin made
the things clear for me: I will simply ban
using shell command by my students
I hope I was correct all the time during the discussion:
I uploaded nothing containing even a hint to use
third part soft to the staging area
Also I hope I didn't waste anybody's time, since
the discussion helped to clear Gretl policy
And the last stroke. Below is a short code.
How to tell, whether it uses third part soft, or
it is a simple wrapper to Gretl foreign block?
I fear it will ends in explicit statement in
instruction for package writers not to use
foreign command in packages.
Of course I don't want to, but....
Oleh
The code:
function void Rmodel (string mod "quoted R function",
list X "list of data series",
string packages[null] "R packages to use, separated by commas",
bool smr[0] "whether to output summary(model), default = no")
if isnull(packages)
packages = ""
else
packages = "library("~packages~")"
packages = strsub(packages,",",");library(")
endif
sprintf h "%d", smr
string path = $dotdir
file1 = path~"/"~"coeff6789.mat"
catch r1 = remove(file1)
foreign language=R --send-data=X
if (any(!class(gretldata)=="data.frame"))
{mts2frame2<-function(x)
{ddd<-data.frame(x);
if (length(class(x))>1)
{m<-ncol(x);for (i in 1:m)
ddd[,i]<-ts(ddd[,i],start=start(x),frequency=frequency(x))}
else
ddd[,1]<-ts(ddd[,1],start=start(x),frequency=frequency(x));
ddd};
gretldata<-mts2frame2(gretldata)}
attach(gretldata)
@packages
m1<-@mod
nm1<-names(m1)
ifcoef<-any(grepl("coeff",nm1,fixed=T))
if (ifcoef)
{
coeff6789<-as.matrix(as.numeric(m1$coeff));
co<-capture.output(gretl.export(coeff6789))};
h<-@h;
{
if (h==1)
summary(m1)
else
m1
}
end foreign
catch coef = mread("coeff6789.mat",1)
err = $error
if err=0
print coef
file1 = path~"/"~"routput6789.mat"
r1 = remove(file1)
endif
end function
Examples
open beer.gdt
ind = (i>30000)
list X = q pb ind
Rmodel("ets(q)",X,"forecast")
Rmodel("lm(q~pb)",X,null,1)
Rmodel("glm(q~pb)",X,null,1)
Rmodel("auto.arima(q,xreg=pb)",X,"forecast",1)
Rmodel("arfima(q)",X,"forecast")
Rmodel("plm(q~pb,data=gretldata,model='within',index='ind')",X,"plm")
10 жовтня 2015, 10:53:35, від "Riccardo (Jack) Lucchetti"
<r.lucchetti(a)univpm.it>:
On Fri, 9 Oct 2015, Allin Cottrell wrote:
> On Fri, 9 Oct 2015, oleg_komashko(a)ukr.net wrote:
>
>> Dear all,
>> The User's guide says that
>> shell_ok on/off are in the GUI
>> for security issues.
>> What are typical dangers?
>
> Maybe not very likely, but for example
>
> ! rm -rf /
>
> If a gretl user has root privileges that would trash the hard drive. Or
>
> ! rm -rf ~/
>
> even without root privileges would totally destroy the user's filespace.
>
> The shell is powerful! To date we have no evidence of malicious gretl
> scripts being distributed, but we'd rather not wait for a disaster to occur
> before imposing some default limitations.
And this is also why we ought to keep an eye on what function packages
contain. I'm not saying that people would inject malicious code on purpose
into a function package, but unintended potentially harmful stuff, yes,
especially if we allow unrestricted foreign blocks in function packages.
-------------------------------------------------------
Riccardo (Jack) Lucchetti
Dipartimento di Scienze Economiche e Sociali (DiSES)
Università Politecnica delle Marche
(formerly known as Università di Ancona)
r.lucchetti(a)univpm.it
http://www2.econ.univpm.it/servizi/hpp/lucchetti
-------------------------------------------------------
_______________________________________________
Gretl-users mailing list
Gretl-users(a)lists.wfu.edu
http://lists.wfu.edu/mailman/listinfo/gretl-users