Product: TIBCO Spotfire®
Analysis with TERR script fails with "TIBCO Spotfire Statistics Services returned an error: 'Error: restricted call to Native[writeBin]"
Analysis with data function that uses a TERR script fails with the following error:
"TIBCO Spotfire Statistics Services returned an error: 'Error: restricted call to Native[writeBin]"
This is the expected result when running a TIBCO Enterprise Runtime for R (TERR) call to writeBin() in TIBCO Spotfire Statistics Services (TSSS) 7.11.1 with the default setting for one of the important new features in TSSS 7.11.1.
Any TERR function that calls the .Native() function will fail when TERR is being run in TERR Restricted Execution Mode.
From page 8 in the Release Notes for TSSS 7.11.1 (file "TIB_sf_statsvcs_7.11.1_relnotes.pdf" in the downloaded installation media):
This release introduces the following new features.
- This release of Spotfire Statistics Services sets default properties that restrict running arbitrary scripts that could cause harm by accessing the file system or the internet. It also sets a default property that allows only data function calls sent from TIBCO Spotfire. See 'Changes in Functionality' and 'TIBCO Spotfire® Statistics Services Installation and Administration' for more information.
For more information about these properties, see the 'spserver.properties' reference ("Server properties") in the TIBCO Spotfire Statistics Services Installation and Administration Guide.
The values for each of those new settings can be changed by editing and saving the TSSS instance's "spserver.properties" configuration file, then restarting the Statistics Services service (as a Windows or Linux service) to make it read the modified file.
The following is one of those new properties:
When this property is set to "true" (which is the default), TSSS 7.11.1 runs its TERR engines using the new restricted execution mode (REX), which is described on page 7 in the Release Notes for TERR 4.5.0 (file "TIB_terr_4.5.0_relnotes.pdf" in the downloaded installation media):
Controlling script execution
This release of TERR focuses on providing a means for safely evaluating and executing arbitrary scripts without worrying that a script could cause harm, such as deleting files or uploading confidential information to the internet.
See terrUtils::evalREX for more information.
In a TERR 4.5.0 Console session, the following command will open the help file that provides additional details about TERR's restricted execution mode:
The following command sequence (adapted from examples in the functions' TERR help files) tests a call to writeBin() in restricted execution mode, and shows that the command is restricted:
> # example code from the help file for writeBin():
> tf <- tempfile()
> x <- as.integer(c(-1,1)*3^(0:19))
> writeBin(con=tf, x)
> # Test of restricted execution, adapting an example
> # from the help file for terrUtils::evalREX():
> terrUtils::evalREX( quote( writeBin(con=tf, x) ) )
Error: restricted call to Native[writeBin]