Maple Engine Security
Overview of security features in the Maple engine
Description
Security Model Overview
Categories of Controlled Operations
Security Settings
Summary of Controlled Operations
Through library and built-in functions, the Maple language provides full access to the computer on which it is running. This access is limited only by the privileges of the user who started the engine. However, this user may wish to restrict the capabilities of the Maple language in certain situations, such as when executing untrusted code, or in the context of MapleNet. Maple engine security can be used to restrict the read, write, external calling, and system calling privileges of the Maple language.
In the Maple engine, security is implemented as a collection of lists that describe which files and directories are permitted for certain operations. These operations have been grouped into categories. Associated with each category are two lists of patterns (file specifications); one represents the list of permitted files and the other represents the list of restricted files.
With security enabled, when an operation on a file is attempted, the Maple engine tests the file against associated lists to determine if the action is permitted.
Potentially unsafe operations performed by the Maple engine have been divided into the following categories:
(1) read: reading of files or directories
(2) write: writing to files or directories
(3) extcall: loading of files for execution through an external call
(4) syscall: other commands that are potentially dangerous
Operations in categories (1), (2), and (3) are controlled by lists of patterns (file specifications) that specify which files can be read, written, and loaded through an external call, respectively.
Category (1) is controlled by the security settings SECURE_READ_LIST and SECURE_NOREAD_LIST.
Category (2) is controlled by the security settings SECURE_WRITE_LIST and SECURE_NOWRITE_LIST.
Category (3) is controlled by the security settings SECURE_EXTCALL_LIST and SECURE_NOEXTCALL_LIST.
Each of these settings contains a list of file specifications. For a description of valid file specifications, see the File Specifications for Maple Engine Security help page.
Category (4) is controlled by the security setting SECURE_SYSCALL_ENABLED. The entire group of operations in category (4) can only be enabled or disabled as a whole.
The security settings are stored in the Maple engine as follows:
SECURE_READ_LIST
list of file specifications for permitted read operations
SECURE_NOREAD_LIST
list of file specifications for restricted read operations
SECURE_WRITE_LIST
list of file specifications for permitted write operations
SECURE_NOWRITE_LIST
list of file specifications for restricted write operations
SECURE_EXTCALL_LIST
list of file specifications for permitted external call libraries
SECURE_NOEXTCALL_LIST
list of file specifications for restricted external call libraries
SECURE_SYSCALL_ENABLED
Boolean flag for enabling/disabling calls to system and ssystem
SECURE_MODE
Boolean flag for enabling/disabling security
To view the current security settings, you can use the command Security:-Config().
Maple engine security settings can be configured either through command line options or through the GUI.
For information on how to configure security settings through the GUI, see the GUI Configuration of Maple Engine Security help page.
For information on how to configure security settings through command line options, see the Command-line Configuration of Maple Engine Security help page.
Read Operations
In general, any operation that attempts to open a file for read will be affected by the read settings. This includes (but is not restricted to):
library read operations performed explicitly through march or implicitly through libname
reading of Maple source files or Maple internal format files through either the read command or implicitly by referencing specific names
read operations in the FileTools package
For these operations, if the file is deemed readable, the operation is permitted.
Write Operations
In general, any operation that attempts to open a file for writing will be affected by the write settings. This includes (but is not restricted to):
library save operations performed explicitly through march or implicitly through libname
write operations in the FileTools package
appendto or writeto
For these operations, if the file is deemed writable, the operation is permitted.
External Call Operations
All define_external commands are affected by the extcall settings.
For all languages other than Java, if the library argument is deemed loadable, the operation will be permitted.
For Java external calls, if all classpath elements are deemed loadable, the operation is permitted.
System Operations
In general, any operation that interrogates the underlying system or relies on it to evaluate arbitrary commands will be affected by the syscall setting. This includes (but is not restricted to):
system and ssystem
Compiler (which relies on system)
currentdir
fopen commands using pipes or processes
For these operations, if syscalls are enabled, the operation is permitted. For the currentdir call, the operation is only permitted if access to the current working directory is permitted by the current security settings.
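The settings listed above and the per-category decisions described in this summary, modelled as an added example (not Maple code and not the engine's own implementation). It assumes that file specifications match as shell-style globs, that a restricted (NO*) list overrides the corresponding permitted list, and that "access to the current working directory" for currentdir means the directory is read-permitted; none of these are stated on this page.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatch
# Constructed model of the settings described on this page. Assumptions not stated
# by the page: file specifications are matched as shell-style globs, and a
# restricted (NO*) list takes precedence over the matching permitted list.

@dataclass
class SecuritySettings:
    SECURE_MODE: bool = True
    SECURE_READ_LIST: list = field(default_factory=list)
    SECURE_NOREAD_LIST: list = field(default_factory=list)
    SECURE_WRITE_LIST: list = field(default_factory=list)
    SECURE_NOWRITE_LIST: list = field(default_factory=list)
    SECURE_EXTCALL_LIST: list = field(default_factory=list)
    SECURE_NOEXTCALL_LIST: list = field(default_factory=list)
    SECURE_SYSCALL_ENABLED: bool = False

def _allowed(path, permitted, restricted):
    """Deny if any restricted spec matches, else allow only on a permitted match."""
    if any(fnmatch(path, spec) for spec in restricted):
        return False
    return any(fnmatch(path, spec) for spec in permitted)

def is_permitted(s, category, target=None, cwd=None):
    """Decide one controlled operation; target is a path or, for Java extcall, a classpath list."""
    if not s.SECURE_MODE:          # security disabled: everything is permitted
        return True
    if category == "read":
        return _allowed(target, s.SECURE_READ_LIST, s.SECURE_NOREAD_LIST)
    if category == "write":
        return _allowed(target, s.SECURE_WRITE_LIST, s.SECURE_NOWRITE_LIST)
    if category == "extcall":      # Java: every classpath element must be loadable
        libs = [target] if isinstance(target, str) else list(target)
        return all(_allowed(l, s.SECURE_EXTCALL_LIST, s.SECURE_NOEXTCALL_LIST) for l in libs)
    if category == "syscall":
        return s.SECURE_SYSCALL_ENABLED
    if category == "currentdir":   # syscall-class, plus the cwd itself must be accessible;
        # "accessible" is modelled here as read-permitted (assumption)
        return s.SECURE_SYSCALL_ENABLED and _allowed(cwd, s.SECURE_READ_LIST, s.SECURE_NOREAD_LIST)
    raise ValueError(f"unknown category {category!r}")

def sandbox_settings():
    """Constructed profile for untrusted code: read Maple tree and scratch, write scratch only."""
    return SecuritySettings(
        SECURE_READ_LIST=["/opt/maple/*", "/tmp/maple/*"],
        SECURE_NOREAD_LIST=["/opt/maple/private/*"],
        SECURE_WRITE_LIST=["/tmp/maple/*"],
        SECURE_EXTCALL_LIST=["/opt/maple/ext/*"],
    )
```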
See Also
EngineSecurity,CLIConfig
EngineSecurity,FileSpec
EngineSecurity,GUIConfig
Security