terr.restricted.execution.mode

The property terr.restricted.execution.mode is set by default to true to ensure that executing certain operations defined as restricted generates an error. Applies only if you are using the TERR engine in your Spotfire Statistics Services installation (that is, you set engine.type=TERR).

Property Name	Default Value	Property Description
`terr.restricted.execution.mode`	`true`	This option specifies that TERR evaluates expressions by calling the function `terrUtils::evalREX`, which ensures that they do not perform I/O on the file system and cannot engage in potentially malicious behavior (such as deleting files or uploading confidential data to the internet). If such an evaluation is attempted, TERR generates an error, such as `"Error: restricted call to Native[tempfile]"`, and execution of the expression is terminated. Restricted behavior includes the following non-exhaustive list of operations. Calling `evalREX` itself. Performing any I/O to the file system or the internet. Loading new packages, except for the libraries included with TIBCO Enterprise Runtime for R (stats, terrUtils, and so on). Spawning new OS processes (calling `'system'`). Calling `.Call`, which is used to call Rapi code in CRAN packages. Calling `.C` or `.Fortran`. Calling into Java using the terrJava package (which allows executing arbitrary Java methods). Calling any functions in the parallel package (which uses terrJava). Accessing any function environments in the stack above the call to `evalREX` using `sys.frame` or `parent.frame`. This prevents malicious code from installing functions or expressions that could be executed after leaving restricted execution mode. Changing the variable lookup path by setting `parent.env` of an environment, or reading or setting the environment of a closure. Defining S4 classes and methods using `setClass` or `setMethod`. Note: If `terr.restricted.execution.mode=true`, then Spotfire Statistics Services attempts to detect if the version of TERR it is running has `terrUtils::evalREX` defined. If it does not, then it cannot start any TERR engines, and the system generates many logging errors reading `"TERR engine does not support evalREX (update TERR or set spserver.properties item 'terr.restricted.execution.mode=false')"` See Recommendations for safeguarding your environment for more information. For more information about `terrUtils::evalREX`, see its help file in the TIBCO® Enterprise Runtime for R Language Reference.

Property Name

Default Value

Property Description

terr.restricted.execution.mode

true

This option specifies that TERR evaluates expressions by calling the function terrUtils::evalREX, which ensures that they do not perform I/O on the file system and cannot engage in potentially malicious behavior (such as deleting files or uploading confidential data to the internet). If such an evaluation is attempted, TERR generates an error, such as "Error: restricted call to Native[tempfile]", and execution of the expression is terminated.

Restricted behavior includes the following non-exhaustive list of operations.

Calling evalREX itself.
Performing any I/O to the file system or the internet.
Loading new packages, except for the libraries included with TIBCO Enterprise Runtime for R (stats, terrUtils, and so on).
Spawning new OS processes (calling 'system').
Calling .Call, which is used to call Rapi code in CRAN packages.
Calling .C or .Fortran.
Calling into Java using the terrJava package (which allows executing arbitrary Java methods).
Calling any functions in the parallel package (which uses terrJava).
Accessing any function environments in the stack above the call to evalREX using sys.frame or parent.frame. This prevents malicious code from installing functions or expressions that could be executed after leaving restricted execution mode.
Changing the variable lookup path by setting parent.env of an environment, or reading or setting the environment of a closure.
Defining S4 classes and methods using setClass or setMethod.

Note: If terr.restricted.execution.mode=true, then Spotfire Statistics Services attempts to detect if the version of TERR it is running has terrUtils::evalREX defined. If it does not, then it cannot start any TERR engines, and the system generates many logging errors reading "TERR engine does not support evalREX (update TERR or set spserver.properties item 'terr.restricted.execution.mode=false')"

See Recommendations for safeguarding your environment for more information.

For more information about terrUtils::evalREX, see its help file in the TIBCO® Enterprise Runtime for R Language Reference.

Contents

Index

Search Results

terr.restricted.execution.mode