Closed jhgoebbert closed 1 year ago
Hello,
It seems to me, as if MATLAB is started here without token/password on a local port: https://github.com/mathworks/jupyter-matlab-proxy/blob/v0.7.1/src/jupyter_matlab_proxy/__init__.py#L46
This MATLAB server listens on that local port and executes any code in the in the name of the user who owns the MATLAB process.
jupyter-server-proxy comes with support for unix-sockets lately which would fix this security issue nicely: https://github.com/jupyterhub/jupyter-server-proxy/pull/337
jupyter-server-proxy
I moved the issue to the correct repo: https://github.com/mathworks/jupyter-matlab-proxy/issues/63
Hello,
It seems to me, as if MATLAB is started here without token/password on a local port: https://github.com/mathworks/jupyter-matlab-proxy/blob/v0.7.1/src/jupyter_matlab_proxy/__init__.py#L46
This MATLAB server listens on that local port and executes any code in the in the name of the user who owns the MATLAB process.
jupyter-server-proxy
comes with support for unix-sockets lately which would fix this security issue nicely: https://github.com/jupyterhub/jupyter-server-proxy/pull/337