From: Ethan M. <merritt@u.washington.edu> - 2004-08-31 21:41:40
On Tuesday 31 August 2004 12:47 pm, Edward Peschko wrote:
>
> > you could disable pipes, but the program you were left with wouldn't
> > be very useful.
>
> not really true, IMO. In mediawiki we'd probably want to limit plotting to inline,
> which I asked about the other time. IE: it would be up to the user to use programs
> to create data, etc. which would then be uploaded to mediawiki.

??? What do you mean by "in line"?
I normally interpret that to mean "via pipe", but that's exactly
what you would be disabling.

> > I think the only possible mechanism would be to create a
> > wrapper script that set the UID/EID to a non-privileged user
> > with no permission to write outside of a captive directory tree.
>
> It's barely possible, but it's still pretty ugly... You'd need a separate
> user/etc for each graph.

I don't think you would. The wrapper script itself could save the output
graph back to the user's own area. Its flow would look like:

    stdin = open input
    stdout = open output
    drop privileges
    mkdir /tmp_<process_id>
    chroot /tmp_<process_id>
    gnuplot

-- 
Ethan A Merritt       merritt@u.washington.edu
Biomolecular Structure Center Mailstop 357742
University of Washington, Seattle, WA 98195
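
Added example, not part of the original post and not gnuplot project code: the wrapper flow above written as a C program. Because chroot(2) requires privilege, this version confines the process before it drops privileges; the uid/gid 65534, the `GNUPLOT_BIN` path and the availability of a statically linked gnuplot are assumptions.

```c
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define PLOT_UID 65534  /* assumption: unprivileged "nobody" uid */
#define PLOT_GID 65534  /* assumption: unprivileged "nogroup" gid */
#define GNUPLOT_BIN "/usr/local/libexec/gnuplot-static" /* hypothetical static build */

/* Per-process jail name from the post: /tmp_<process_id>. */
int jail_path(char *buf, size_t len, pid_t pid) {
    int n = snprintf(buf, len, "/tmp_%ld", (long)pid);
    return (n > 0 && (size_t)n < len) ? 0 : -1;
}

/* chroot(2) needs privilege, so confine first and drop privileges second.
 * Returns 0 only if every step succeeded and root cannot be regained. */
int confine_and_drop(const char *jail, uid_t uid, gid_t gid) {
    if (uid == 0 || gid == 0) return -1;                 /* never "drop" to root */
    if (chroot(jail) != 0 || chdir("/") != 0) return -1; /* cwd must not stay outside */
    if (setgroups(0, NULL) != 0) return -1;              /* clear supplementary groups */
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1; /* group first, then user */
    if (setuid(0) == 0 || seteuid(0) == 0) return -1;    /* drop must be permanent */
    return 0;
}

int main(int argc, char **argv) {
    char jail[64];
    char *const args[] = { "gnuplot", NULL };
    char *const envp[] = { NULL };                       /* empty environment */
    if (argc != 3) return 2;                             /* usage: wrapper <script> <output> */
    /* Assumption: both paths are chosen by the calling service, not the end user.
     * Descriptors opened here stay usable after chroot. */
    if (!freopen(argv[1], "r", stdin) || !freopen(argv[2], "w", stdout)) return 1;
    int bin = open(GNUPLOT_BIN, O_RDONLY | O_CLOEXEC);
    if (bin < 0) return 1;
    if (jail_path(jail, sizeof jail, getpid()) != 0 || mkdir(jail, 0755) != 0) return 1;
    if (confine_and_drop(jail, PLOT_UID, PLOT_GID) != 0) return 1;
    fexecve(bin, args, envp);                            /* jail is empty: exec by fd */
    return 1;                                            /* only reached if exec failed */
}
```

With an empty, root-owned jail there is no /bin/sh inside it, so gnuplot's pipe and `system` commands have nothing to execute, and the only writable channel left is the already-open stdout.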