Menu
▾
▴
Re: [Gnuplot-info] Security concerns when compiling gnuplot online
|
From: Dave H. <da...@ho...> - 2023-12-05 04:41:39
|
On Tue, 5 Dec 2023, Rami Boutassghount wrote:
[...]
> These commands are
> not_allowed = ["set terminal", "set output", "gpval_", "cd ", "system "]
>
> *Is there anything else that I should consider?*
This suggests that you should consider reversing the test i.e. allow the
ones deemed to be safe and block the rest by default ("fail safe"); this
is what good firewalls do, as you are protected from future (and unsafe)
additions.
Of course, you'll have to extend the list where necessary, but you'll have
to do that with future unsafe commands anyway.
-- Dave
|
