From: Arun P. <ape...@lb...> - 2004-08-31 19:54:54
Edward Peschko wrote:
> Would a 'taint' gnuplot be possible? (ie: compile it such that dangerous
> behaviors are not allowed? Or perhaps a switch to gnuplot that doesn't allow them?
>
> And is the above the only dangerous behaviour that is possible from gnuplot?

How about disabling the "!" command completely and checking that the output file is in the right directory... deleting the "< ..." option for input files might also be a good thing...

I would also just include one terminal, e.g. for png... it shouldn't be too much work to delete the right lines in the source code...

If you don't want to mess with the gnuplot source code, just write a php-file that checks the gnuplot input file before you call gnuplot and disallow the use of "^\s*!", ".*plot.*< ", etc...

I'm not sure though in what other ways you could trick gnuplot to do dangerous things...

HTH
ARUN
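A pre-flight check of the kind the message describes, as an added example that is not part of the original message or of gnuplot (written in Python rather than PHP). It covers only the four checks named above; `OUTPUT_DIR`, the function names and the sample script are assumptions constructed for illustration, and because gnuplot accepts abbreviated keywords it matches any quoted name starting with `<` rather than the literal `.*plot.*< `.

```python
import os
import re

OUTPUT_DIR = "/var/www/plots"   # assumption: hypothetical directory the web app may write to
ALLOWED_TERMINAL = "png"        # the single terminal the message suggests keeping

SHELL_ESCAPE = re.compile(r"^\s*!")          # the message's "^\s*!"
PIPED_INPUT = re.compile(r"""["']\s*<""")    # a quoted input name that starts with "<"
QUOTED = re.compile(r"""^(["'])([^"']*)\1$""")

def _is_abbrev(word, keyword):
    # gnuplot accepts abbreviated keywords, so any prefix counts as the keyword (fail closed)
    return bool(word) and keyword.startswith(word)

def _output_ok(arg):
    m = QUOTED.match(arg)
    if not m or m.group(2).startswith("|"):  # unquoted expression, or output piped to a command
        return False
    base = os.path.realpath(OUTPUT_DIR)
    target = os.path.realpath(os.path.join(base, m.group(2)))
    return target.startswith(base + os.sep)

def check_script(text):
    """Return (line_number, reason) for every statement that must be rejected."""
    problems = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for stmt in line.split(";"):         # gnuplot allows several commands per line
            words = stmt.split(None, 2)
            if SHELL_ESCAPE.search(stmt):
                problems.append((lineno, "shell escape"))
            elif PIPED_INPUT.search(stmt):
                problems.append((lineno, "piped input file"))
            elif len(words) >= 2 and _is_abbrev(words[0], "set"):
                arg = words[2].strip() if len(words) > 2 else ""
                if _is_abbrev(words[1], "terminal"):
                    if arg.split()[:1] != [ALLOWED_TERMINAL]:
                        problems.append((lineno, "terminal not allowed"))
                elif _is_abbrev(words[1], "output") and arg and not _output_ok(arg):
                    problems.append((lineno, "output path not allowed"))
    return problems

# Constructed sample input: lines 2, 3 and 4 should be rejected.
SAMPLE = ('set term png\n'
          'set o "../../etc/motd.png"\n'
          'p "< date"\n'
          'plot sin(x); !date\n'
          'set output "ok.png"\n')

if __name__ == "__main__":
    for lineno, reason in check_script(SAMPLE):
        print(f"line {lineno}: {reason}")
```

The caller runs gnuplot only when `check_script` returns an empty list; anything the check does not recognise as a `set terminal` or `set output` statement is passed through unchanged, so it narrows the four behaviours named in the message and nothing else.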