| Karim Belabas on Mon, 19 Sep 2005 13:50:22 +0200 |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
| Re: net capable gp |
* Michael Somos [2005-09-17 21:42]:
> Karim wrote :
>
> > here's a cute GP function to download and read a script given by an URL,
>
> Yes, that is quite easy and cute, but, *maybe*, just maybe,
> you may want to *look* at the script before you automatically
> execute it? Of course, that is assuming it is an unknown kind
> of script. If you know and trust what is in it, there is no
> difference to executing a local script or a remote script. I
> would still want to first save the script in a local file, and
> only then execute it. Your mileage may vary. Shalom, Michael
Quite a valid concern. Here's a slightly safer version:
readURL(url) = extern( Str("echo 'default(secure,1);'; wget -q -O - ", url))
'secure' mode is probably not foolproof, but at least the script is not
allowed to use extern, install, system and write, or to change the
'secure', 'prettyprinter' and 'help' defaults [ both of which can be used
to execute an arbitrary command ]
Cheers,
Karim.
--
Karim Belabas Tel: (+33) (0)5 40 00 26 17
Universite Bordeaux 1 Fax: (+33) (0)5 40 00 69 50
351, cours de la Liberation http://www.math.u-bordeaux.fr/~belabas/
F-33405 Talence (France) http://pari.math.u-bordeaux.fr/ [PARI/GP]