Is there a safe version of `run`?
2 views (last 30 days)
Show older comments
When running a script using run, the script can use functions like delete, or system that endanger the executing machine. This means that scripts cannot be executed trustless with run. Is there a safe version of run that in some way sanitizes the script, preventing filesystem IO?
0 Comments
Answers (1)
Jan
on 12 Nov 2021
No, this is not possible. There is always a trick to use str2func to call eval , which executes a string, which is decrypted during runtime only.
The only way to run a user-defined function without the danger to loose the machine, is to provide a virtual machine, which is recreated from scratch at each start. This is easy to built e.g. by VirtualBox.
Nevertheless, even such a sandbox system is not 100.0% secure: If the Matlab function reloads some evil assembler libraries, it is possible to break out of a virtual machine and to attack the host computer. Or the software can use the computing power of the VM to attack other computers, e.g. in a distributed denial of service attack.
I'm still surprised, that MathWorks offer to run VMs in Cody and here in the forum. The limited runtime for each process prevents, that we send a bit-wise copy of the VM including the installed and activated Matlab engine. But this could be done in chunks... MathWorks has changed the underlying Linux version and removed tools like ping and sendmail. It is not easy to gain root access on the VMs, so I estimate the security level to "reasonably high".
But the question is: Who wants to attack your machine? If you assume such an intention, wouldn't a hin with a hammer into the mainboard mucgh easier?
You access the MathWorks homepage currently. With standard setting you allow the browser to execute script from MathWorks, adobetm, sonsensu.org, crazyegg.com, demdex.net, img03.en25.com, secure.quantserve.com, go-mpuls.net and amazon's s3 services. All of them could inject some evil code. Virus scanners, sandboxes of the browsers and the privilege system of your operating system would reduce the danger of such dangerous scripts. The same holds true, if you run Matlab with user privileges. Then an evil user cannot do much harm directly.
0 Comments
See Also
Categories
Find more on Using audio files in Help Center and File Exchange
Community Treasure Hunt
Find the treasures in MATLAB Central and discover how the community can help you!
Start Hunting!