From help-request at octave dot org Mon Mar 13 19:35:44 2006 Subject: Re: Octave in Universities From: Paul Kienzle To: etienne at isr dot ist dot utl dot pt, etienne@cs.uky.edu, etienne.grossmann@laposte.net Cc: list octave Date: Mon, 13 Mar 2006 20:33:18 -0500 On Mar 11, 2006, at 1:56 PM, Etienne Grossmann wrote: > Afaik, few of my present or past colleagues use Octave - except > perhaps Mai Zhou [1] at the math dept. of the U. of Kentucky, who > maintains a web interface [2]. I will ask for his comments. Thinking about web interfaces to octave, I got concerned about the security implications. For example, the system call gives full access to the local shell, and there are commands like fopen which can also be dangerous in the right hands. I wrote a quick little function clear_builtin which removes a function symbol from the current context, from the prompt and from the builtin function list. That means you don't have to hack your version of octave to remove system(). A complete solution would clear a number of builtin functions and provide oct-file replacements for alternatives which do complete argument checking (e.g., fopen which strips all directory information before opening). Anyone want to put something together and add it to octave-forge? - Paul -- clear_builtin.cc -- #include #include DEFUN_DLD(clear_builtin,args,nargout,"clear a builtin function") { octave_value_list retval; if (args.length() != 1) { print_usage("clearfn"); } else { std::string nm(args(0).string_value()); if (!error_state) { fbi_sym_tab->clear(nm); curr_sym_tab->clear(nm); top_level_sym_tab->clear(nm); } } return retval; } ------------------------------------------------------------- Octave is freely available under the terms of the GNU GPL. Octave's home on the web: http://www.octave.org How to fund new projects: http://www.octave.org/funding.html Subscription information: http://www.octave.org/archive.html -------------------------------------------------------------