Allow user submitted Post processing scripts #11
Comments
There is no security issue (as in original message) because we have a separate folder called 'Scripts' which the submit node creates from scratch. But this could be a feature for power users. @akrinos would you find this useful?
Arianna is definitely a power user :)
Kait, it might be good for you to follow the GRAPLE github site for updates?
On May 11, 2017, at 3:15 PM, Jaikrishna ***@***.***> wrote:
There is no security issue (as in original message) because we have a separate folder called 'Scripts' which the submit node creates from scratch.
But this could be a feature for power users.
@akrinos <https://github.com/akrinos> would you find this useful?
Cayelan Carey, Ph.D.
Assistant Professor
Department of Biological Sciences
Virginia Tech
2011 Derring Hall
926 West Campus Drive
Blacksburg, VA 24061
skype: diatomsarelife
website: http://carey.biol.vt.edu
This would absolutely be a useful feature to me. More broadly, attempting to save an existing script could be dissuaded by either prompting the user to input date as part of the file name or separately, or saving the scripts automatically with the date somehow, if it is possible, for clarity and organization.
@akrinos I think I didn't explain it properly. I was considering the possibility of executing a single experiment submission with an R post processing script attachment (similar to the job_desc.json now). We don't intend to support adding to the 'public post processing script library' because that would pose a lot more security issues.
@JaikrishnaTS you definitely explained properly! The second comment was clear and it would be immensely useful - I thought the long-term idea you started off with was to store user-supplied post-processing scripts. The naming convention would be to facilitate storage and potential retrieval of these scripts. Thanks!
@kcratie Additional information regarding the security implications of allowing this. A malicious R script can potentially manipulate other jobs running in the same worker, but possibly can't do anything beyond that.
Currently a hard coding of Rscript filename is used to run post processing scripts in worker.
Need to make sure that the user doesn't submit an Rscript file with the same name.
Fix by removing the Rscript file if found, in the else section of https://github.com/GRAPLE/GWS/blob/master/gws.py#L128
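
One way to implement the check described in this issue, as an added example that is not GWS code: after a submission is unpacked, delete any entry whose name collides with the reserved post-processing script name. The filename `PLACEHOLDER_postprocess.R` and the function names are hypothetical (the real hard-coded name is not given here); matching case-insensitively and unlinking symlinks without following them go beyond what the issue states.

```python
import os
import tempfile

# Placeholder: the real hard-coded script filename is not given in this issue.
RESERVED_SCRIPT_NAME = "PLACEHOLDER_postprocess.R"


def remove_reserved_scripts(extract_dir, reserved=RESERVED_SCRIPT_NAME):
    """Delete files/symlinks under extract_dir named like the reserved script.

    Returns the sorted relative paths that were removed."""
    removed = []
    target = reserved.casefold()
    # followlinks=False: never descend through a symlink planted in the upload.
    for root, dirs, files in os.walk(extract_dir, followlinks=False):
        for name in files + dirs:  # symlinks to directories are listed in dirs
            if name.casefold() != target:
                continue
            path = os.path.join(root, name)
            # Unlink regular files and symlinks; a real directory is left alone.
            if os.path.islink(path) or os.path.isfile(path):
                os.unlink(path)
                rel = os.path.relpath(path, extract_dir)
                removed.append(rel.replace(os.sep, "/"))
    return sorted(removed)


def demo():
    """Build a constructed sample submission, sanitize it, report the result."""
    with tempfile.TemporaryDirectory() as d:
        os.makedirs(os.path.join(d, "sim1"))
        sample = ["job_desc.json", RESERVED_SCRIPT_NAME,
                  "sim1/" + RESERVED_SCRIPT_NAME.upper(), "sim1/user_filter.R"]
        for rel in sample:
            with open(os.path.join(d, *rel.split("/")), "w") as fh:
                fh.write("# constructed sample content\n")
        removed = remove_reserved_scripts(d)
        remaining = sorted(
            os.path.relpath(os.path.join(r, f), d).replace(os.sep, "/")
            for r, _, fs in os.walk(d) for f in fs)
        return removed, remaining


if __name__ == "__main__":
    print(demo())
```
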