[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Sharing scripts
|
From: |
Francesco Potortì |
|
Subject: |
Re: Sharing scripts |
|
Date: |
Fri, 12 Mar 2010 17:15:31 +0100 |
>Maybe other might be able to think of some attacks that will help you
>protect your Octave web server.
Generally speaking, an interpreter like Octave is not a thing that
should be left open for running arbitrary things on a server, unless you
are very careful about what you disable by redefining them as empty or
generating an error.
Apart from all file-related commands, probably including "source", and
all system-related commands like those already mentioned, you should
probably impose limits on cpu and memory consumption by using ulimit on
Unix and running the interpreter as a user with low privileges. A
chroot environment would give you additional protection against
unforeseen weaknesses of the interpreter. All in all, not something
that should be done lightly :)
--
Francesco Potortì (ricercatore) Voice: +39 050 315 3058 (op.2111)
ISTI - Area della ricerca CNR Fax: +39 050 315 2040
via G. Moruzzi 1, I-56124 Pisa Email: address@hidden
(entrance 20, 1st floor, room C71) Web: http://fly.isti.cnr.it/
Re: Sharing scripts, Jaroslav Hajek, 2010/03/11
Re: Sharing scripts, Michael Creel, 2010/03/13
Re: Sharing scripts, Søren Hauberg, 2010/03/13
Re: Sharing scripts, MathCloud, 2010/03/14