Karim Belabas on Mon, 19 Sep 2005 13:50:22 +0200



Re: net capable gp


* Michael Somos [2005-09-17 21:42]:
> Karim wrote :
> 
> >   here's a cute GP function to download and read a script given by an URL,
> 
> Yes, that is quite easy and cute, but, *maybe*, just maybe,
> you may want to *look* at the script before you automatically
> execute it? Of course, that is assuming it is an unknown kind
> of script. If you know and trust what is in it, there is no
> difference to executing a local script or a remote script. I
> would still want to first save the script in a local file, and
> only then execute it. Your mileage may vary. Shalom, Michael

Quite a valid concern. Here's a slightly safer version:

readURL(url) = extern( Str("echo 'default(secure,1);'; wget -q -O - ", url))

'secure' mode is probably not foolproof, but at least the script is not
allowed to use extern, install, system and write, or to change the
'secure', 'prettyprinter' and 'help' defaults [ both of which can be used
to execute an arbitrary command ]

Cheers,

    Karim.
-- 
Karim Belabas                  Tel: (+33) (0)5 40 00 26 17
Universite Bordeaux 1          Fax: (+33) (0)5 40 00 69 50
351, cours de la Liberation    http://www.math.u-bordeaux.fr/~belabas/
F-33405 Talence (France)       http://pari.math.u-bordeaux.fr/  [PARI/GP]
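
Michael's suggestion above (save the script to a local file and look at it before executing it), as an added example that is not part of the original message or of PARI/GP: a shell helper that saves the script without running it and flags the calls and defaults Karim lists as refused in 'secure' mode. The function names and the sample script are constructed here, and the whitespace handling assumes gp discards blanks outside strings.

```shell
#!/bin/sh
# Added example: pre-read review of a GP script that was saved locally first.
# Flags the calls and defaults that the message says 'secure' mode refuses.

# write[a-z0-9]* also covers gp's write1/writebin/writetex variants.
GP_CALLS='extern|install|system|write[a-z0-9]*'
GP_DEFAULTS='secure|prettyprinter|help'
GP_PATTERN="(^|[^A-Za-z0-9_])(($GP_CALLS)\(|default\(($GP_DEFAULTS)[,)])"

# audit_gp_script FILE
# Prints "lineno:text" for each flagged line.
# Returns 0 if nothing was flagged, 1 if something was, 2 if FILE is unreadable.
audit_gp_script() {
    [ -r "$1" ] || return 2
    # Blanks are deleted before matching so spacing inside a name cannot hide
    # it (assumption: gp discards blanks outside strings on input).
    hits=$(tr -d ' \t' < "$1" | grep -nE "$GP_PATTERN") || true
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}

# fetch_for_review URL FILE
# Saves the script without running it. The URL is passed as one quoted
# argument, so the shell never interprets its contents.
fetch_for_review() {
    wget -q -O "$2" -- "$1" && audit_gp_script "$2"
}

# Constructed sample (not a real script): lines 2 and 3 should be flagged.
audit_demo() {
    sample=$(mktemp) || return 2
    cat > "$sample" <<'EOF'
print(1);
e x t e r n("cmd");
default(prettyprinter, "cmd");
mywrite(x) = x;
EOF
    rc=0
    audit_gp_script "$sample" || rc=$?
    rm -f "$sample"
    return $rc
}
```

A clean result is a prompt to read the file, not a replacement for default(secure,1): a text scan cannot see names assembled at run time, so keep secure mode on when the file is finally read.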