lør, 29 05 2010 kl. 21:51 +1000, skrev Thomas Karpiniec:
I'm trying to come up with a way of disabling commands such as
system(), fopen(), plot(), dlmwrite(), etc., which can spawn
subprocesses or interact with the rest of the system.
The reason I want to do this is that I have written an octave IRC bot
for GNU/Linux which allows you to do maths in-channel by forwarding
the input to an octave process and reading results back out to the
channel. Obviously I need to somehow lock it down so that users can't
wreak havoc on my system via octave. :)
I'm open to broader suggestions but my current feeling is that a list
of restricted commands within octave would provide the best
protection. I've searched online and through the manual and I haven't
been able to find a way to do that.
I could always patch octave, of course. Does anyone know if there is
a neater way?
There was a thread on something similar a while back (related to
creating a web interface to Octave); you might want to find that.
In general, if you disable system commands than many other functions
will stop working (example: if you disable the 'system' function, then
you wont be able to start gnuplot, i.e. no plotting). So, I really think
you need to follow Sergei's advice and go with the virtual machine.
Søren