Is there a safe version of `run`?
조회 수: 2 (최근 30일)
이전 댓글 표시
When running a script using run, the script can use functions like delete, or system that endanger the executing machine. This means that scripts cannot be executed trustless with run. Is there a safe version of run that in some way sanitizes the script, preventing filesystem IO?
댓글 수: 0
답변 (1개)
Jan
2021년 11월 12일
No, this is not possible. There is always a trick to use str2func to call eval , which executes a string, which is decrypted during runtime only.
The only way to run a user-defined function without the danger to loose the machine, is to provide a virtual machine, which is recreated from scratch at each start. This is easy to built e.g. by VirtualBox.
Nevertheless, even such a sandbox system is not 100.0% secure: If the Matlab function reloads some evil assembler libraries, it is possible to break out of a virtual machine and to attack the host computer. Or the software can use the computing power of the VM to attack other computers, e.g. in a distributed denial of service attack.
I'm still surprised, that MathWorks offer to run VMs in Cody and here in the forum. The limited runtime for each process prevents, that we send a bit-wise copy of the VM including the installed and activated Matlab engine. But this could be done in chunks... MathWorks has changed the underlying Linux version and removed tools like ping and sendmail. It is not easy to gain root access on the VMs, so I estimate the security level to "reasonably high".
But the question is: Who wants to attack your machine? If you assume such an intention, wouldn't a hin with a hammer into the mainboard mucgh easier?
You access the MathWorks homepage currently. With standard setting you allow the browser to execute script from MathWorks, adobetm, sonsensu.org, crazyegg.com, demdex.net, img03.en25.com, secure.quantserve.com, go-mpuls.net and amazon's s3 services. All of them could inject some evil code. Virus scanners, sandboxes of the browsers and the privilege system of your operating system would reduce the danger of such dangerous scripts. The same holds true, if you run Matlab with user privileges. Then an evil user cannot do much harm directly.
댓글 수: 0
참고 항목
카테고리
Help Center 및 File Exchange에서 Using audio files에 대해 자세히 알아보기
Community Treasure Hunt
Find the treasures in MATLAB Central and discover how the community can help you!
Start Hunting!