A safe "system" function



Hmm. I forgot about that... The only way I could block that is by
filtering it out of the command string. My little hack would still
work for the web interface, and probably shouldn't make it into
Maxima proper. I thought I'd run it by you anyway...

-matt

On Jul 22, 2006, at 9:24 PM, Richard Fateman wrote:

> You know that you can execute any lisp function from the maxima
> command line by using ?. For example, ?print(...) uses the lisp
> function print.
>
> There's not a lot of protection.
> RJF
>
>
> -----Original Message-----
> From: maxima-admin at math.utexas.edu
> [mailto:maxima-admin at math.utexas.edu] On Behalf Of Matthew Sarnoff
> Sent: Saturday, July 22, 2006 6:04 PM
> To: maxima at math.utexas.edu
> Subject: A safe "system" function
>
> I'm working on integrating plotting into my web interface, and have
> been looking through plot.lisp a bit. I noticed that plot2d uses
> Maxima's "system" function (i.e. $system) to execute shell commands.
> However, I explicitly unbind $system in my init file and prevent
> execution of Lisp code to prevent users from executing malicious
> commands. This subsequently breaks plotting.
>
> So I modified macsys.lisp and renamed $system to safe-system, and
> changed all references appropriately. I then wrote a new $system
> function, which just passes its arguments to safe-system. That way,
> Maxima can internally execute shell commands all it wants, while
> adding the ability to block users from doing the same.
>
> Do you think this is a worthy modification? Should it be committed, or
> will it break lots of other things?
>
> Thanks,
> -matt
>
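
An added sketch, not code from this thread or from Maxima, of the command-string filtering mentioned in the reply at the top: a web front end refuses input that contains the `?` Lisp escape or the name `system` outside string literals. The function names, the blocked sets and the string-literal rule (double quotes, backslash protects the next character) are assumptions.

```python
import re

# Assumption: names refused for web users; the thread names only "system".
BLOCKED_NAMES = {"system"}
# Assumption: characters refused outside string literals. "?" is the Lisp
# escape from the thread; "\" is refused so names need no un-escaping here.
BLOCKED_CHARS = {"?": "lisp escape", "\\": "escaped character"}
IDENT = re.compile(r"[A-Za-z_%][A-Za-z0-9_%]*")


def scan(command):
    """Return (offset, reason) findings for one line of user input."""
    findings = []
    i, n = 0, len(command)
    while i < n:
        ch = command[i]
        if ch == '"':
            # Skip a string literal; a backslash protects the next character.
            j = i + 1
            while j < n and command[j] != '"':
                j += 2 if command[j] == "\\" else 1
            if j >= n:
                findings.append((i, "unterminated string"))
                break
            i = j + 1
        elif ch in BLOCKED_CHARS:
            findings.append((i, BLOCKED_CHARS[ch]))
            i += 1
        else:
            m = IDENT.match(command, i)
            if m and m.group().lower() in BLOCKED_NAMES:
                # Refuse the bare name, not only the call form name(...).
                findings.append((i, "blocked name " + m.group()))
            i = m.end() if m else i + 1
    return findings


def is_allowed(command):
    """True when the input has no findings and may be passed to Maxima."""
    return not scan(command)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the web interface.
    for line in ['plot2d(sin(x), [x, 0, 1]);', '?print("hi");',
                 'print("really?");', 'system("ls");']:
        print(is_allowed(line), scan(line), line)
```

The filter sees only what the user types; a shell call made internally by plot2d never passes through it, which is the split the safe-system rename in the quoted message is after.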