[Axiom-developer] RE: Axiom on MediaWiki (was: Axiom)
Mon, 28 May 2007 01:04:19 +0200
I'm filtering the commands you provided to improve security. I don't
perform chroot and still use the apache user (too much work).
I improved the Latex a little.
For installation or linking please use
I tested http://wiki.axiom-developer.org/VeryLongLaTeX and all of them
I'm not really sure how to do formula line breaking - is there a latex
option I could insert at the beginning?
If you want to provide any Latex tests please edit
http://www.eisber.net/StatWiki/index.php/Axiom - it would be nice if you
register, so I know you added it.
I'll try graphics right now.
From: Bill Page [mailto:address@hidden
Sent: Sonntag, 27. Mai 2007 20:42
To: Markus Cozowicz
Subject: RE: Axiom on MediaWiki (was: Axiom)
Thank you very much for this initial work! I think it is very
On May 27, 2007 12:19 PM Markus Cozowicz wrote:
> I found some time on the weekend to work on it.
> Have a look at http://www.eisber.net/StatWiki/index.php/Temp
> I'm actually reusing <math>-tag from MediaWiki, which has
> limited Latex support. Thus I have to do some conversions and
> stripping. I don't think full support of all Latex outputted
> by Axiom is possible, but to get a reasonable amount, I'd have
> to go through some more samples.
> Some questions:
> - Do you have list of functions that impose security problems?
There are at least two classes of operations that potentially
pose security threats when running Axiom publicly online. One
command which permits the user to open access to all system
commands. The 2nd entry point is via Lisp which can be
invoked either as a command such as
or via a function call like this
Both of these leave the system wide open. Unfortunately both
of them also have potentially quite valid uses. I think it
fair to say that the developers of Axiom have given almost
no thought at all to the need for security since the standard
model is to have Axiom running only locally on your desktop.
If you are concerned about security (I don't take it for
granted that you necessarily need to be, given our experience
over the last three years at axiom-developer.org), then I
would highly recommend that first of all you should run Axiom
in a chroot environment.
> - Do you have testcases for Latex output?
No, I am sorry that we do not have such official test cases.
I would be glad to develop these with you.
We have however documented some problem cases on the Axiom
> I saw that you support graphics too with postscript output.
Axiom can generate graphics with postscript output if it
is run in an X-windows environment. This is possible even
on a headless server by installing the virtual framebuffer
driver Xfbdev and the xvfb-run, although I have had some
trouble interacting with this configuration via a pipe. I
think to do this successfully requires pty support and
something like pexpect.
Right now we cannot automatically generate graphics for
inclusion in the Axiom Wiki.
See some sparse notes here:
> The R-plugin for media wiki already does postscript to png
> conversion for R graphics...
> It shouldn't be too hard to adapt that for Axiom.
> -----Original Message-----
> From: Bill Page [mailto:address@hidden
> Sent: Dienstag, 10. April 2007 03:08
> To: Markus Cozowicz
> Cc: 'Axiom-Developer'
> Subject: Axiom on MediaWiki (was: Axiom)
> I hope you do not mind that I am copying this to the Axiom
> developer mailing list. I think there may be some other
> people here who are interested in this subject.
> On April 9, 2007 6:43 PM Markus Cozowicz wrote:
> > I'm actually trying to integrate Axiom into MediaWiki. I'm
> > using it to write my statistics homework (www.eisber.net/StatWiki).
> Well, I think that's a pretty ambitious project just to do
> your homework! :-) But I think this is interesting for much
> more than that.
> > MediaWiki is written in PHP.
> Yes. Very famous. It is the wiki software behind Wikipedia.
> I think it is a very good choice (except for PHP, but that's
> a different story).
> > I'm not sure if I actually want to properly interface with
> > Axiom, as I'm only interested in the generated latex, that
> > needs to be piped into texvc (yet another binary - the latex
> > interface used in MediaWiki).
> I don't know what you mean exactly by "properly interface with
> Axiom". Axiom can generate LaTeX output for the results that it
> calculates. I assume that if you are interested in Axiom, you
> are also interested in symbolic computer algebra in some form
> or other - otherwise I don't see much point in using Axiom just
> to generate LaTeX output. I think you would find it rather
> awkward if that was all you wanted it to do.
> I suppose that you are familiar with the Axiom Wiki web site:
> If you are using Axiom for statistics - even if it is just for
> a course - then you are certainly welcome to use this web site
> (which is publicly available) or its sister portal site:
> where you can log-in and control who gets access to the pages
> you prepare. We are always interested in more examples of
> applications where Axiom can be used. Your exercises might
> help other people realize how Axiom can be used in their
> own situation.
> As you can discover from the wiki site, these web sites are
> based on Zwiki, Zope and Python - quite different from most
> PHP applications although they accomplish mostly the same
> thing in the end.
> If you are more interested in continuing the development of
> a general purpose MediaWiki plug-in that allows MediaWiki to
> send commands to Axiom and display the results on a wiki page
> in nicely LaTeX typeset form, then as an Axiom developer I am
> very interested in that. I would very much like to be able to
> offer such an interface for Axiom to other MediaWiki users.
> So I would be glad to help you with this.
> > Can I disable shell execution in Axiom? Because for security
> > reasons, I probably don't want anybody to execute arbitrary
> > code on my server.
> Axiom is not designed with this kind of security in mind, but
> in the PHP interface to Axiom, it would be possible to intercept
> commands which might execute arbitrary code and still leave a
> significant subset of Axiom available to the user. If malicious
> code is a serious risk, I think the best option would be to run
> Axiom in a chroot environment or perhaps on a separate virtual
> machine using Xen or other VM tool.
> Bill Page.
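
One way to do the interception discussed in this thread inside the PHP interface, as an added example that is not part of the thread or of the MediaWiki extension: a default-deny filter that refuses every `)` system command not on an exact allowlist and any Lisp package call. The function name `axiom_filter_input`, the allowlist entries and the `$Lisp` pattern are assumptions.

```php
<?php
// Added example: default-deny input filter for a wiki-to-Axiom bridge.
// Assumptions: the allowlist below and the $Lisp package-call pattern.

// Exact, whitespace-normalised system commands the wiki needs (hypothetical).
const AXIOM_ALLOWED_COMMANDS = ['clear all', 'set output tex on', 'set output algebra off'];

/**
 * Decide whether user input may be piped to Axiom.
 * Returns ['ok' => bool, 'rejected' => [['line' => int, 'reason' => string], ...]].
 */
function axiom_filter_input(string $input): array
{
    $rejected = [];
    foreach (preg_split('/\r\n|\r|\n/', $input) as $i => $line) {
        $reason = null;
        $trimmed = ltrim($line);
        if (preg_match('/[\x00-\x08\x0B-\x1F\x7F]/', $line)) {
            $reason = 'control character';
        } elseif ($trimmed !== '' && $trimmed[0] === ')') {
            // Every ")" system command is refused unless it matches the
            // allowlist exactly; a blocklist would have to anticipate
            // every spelling of every dangerous command.
            $cmd = preg_replace('/\s+/', ' ', strtolower(trim(substr($trimmed, 1))));
            if (!in_array($cmd, AXIOM_ALLOWED_COMMANDS, true)) {
                $reason = 'system command not on allowlist';
            }
        } elseif (preg_match('/\$\s*Lisp\b/i', $line)) {
            // Lisp reached through a function call rather than a command.
            $reason = 'Lisp package call';
        }
        if ($reason !== null) {
            $rejected[] = ['line' => $i + 1, 'reason' => $reason];
        }
    }
    // One bad line refuses the whole submission; nothing is sent partially.
    return ['ok' => $rejected === [], 'rejected' => $rejected];
}

// Constructed sample submissions.
$samples = [
    "integrate(sin(x)^2, x)\n)set output tex on",
    "factor(x^2 - 1)\n)system date",
];
foreach ($samples as $s) {
    $r = axiom_filter_input($s);
    echo $r['ok'] ? "accepted\n" : 'rejected: ' . json_encode($r['rejected']) . "\n";
}
```

The filter narrows what reaches Axiom; the chroot or separate virtual machine recommended in the thread still bounds what a missed case can do.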