Many useful scripts have been written by the VMD user community, so you'll often find yourself wanting to run a script written by someone else. It's a good idea to look over the script to make sure it doesn't do anything dangerous: writing to files on your hard disk, opening connections to other computers on your network, and so on. However, when the script is fairly complicated, or when you want to run it right away, examining it for unsafe commands is too much work. Potential security risks are especially large if you run VMD from a web browser, because you could download and run a script from any page on the web without ever storing it in a permanent location. The latter is the main reason we developed the VMD Sandbox package. The Sandbox package solves security problems by giving you a way to run scripts safely, without allowing them access to your files or network.

Installing the scripts

To install the VMD Sandbox package,

  1. Download and unpack the file sandbox.tgz.
  2. Add the following lines to your .vmdrc, replacing <sandbox directory> with the directory containing the scripts.
      lappend auto_path <sandbox directory>
      if { [info exists env(VMDRUNWEBSCRIPT)] } {
          package require sandbox
          ::Sandbox::safeSource $env(VMDRUNWEBSCRIPT)

Running a script safely

To run a script safely, simply type
  <sandbox directory>/ script.tcl
This will start vmd and (because of what you added to .vmdrc) run the script within a safe sandbox. Look at the Tcl manual under the command interp create -safe to see how we do this.

Allowed commands

Some VMD commands are completely safe, such as "material" and "molinfo". Some commands, such as "render", are disallowed, because they allow direct access to your files. Some commands, such as "mol" and "atomselect" are more finely controlled, because they are mostly safe, but have a few unsafe sub-commands. Tcl prohibits the script from accessing your files or network through any of the standard Tcl commands. In order to facilitate web VMD scripts, we have provided two commands that might be considered security risks. You should probably disable these if you plan to use the sandbox for a purpose other than web scripting:
  • startServer starts a server on port 2000, only accepting connections from the local machine, that runs VMD commands sent to it as HTTP requests. The commands are run within the safe sandbox, so they will not have access to your files or network.
  • newurlload allows a script to load files into VMD from over the web. This allows a web-based script to load its data files, but it also means that a very malicious script could steal molecular data posted on a website with restricted access, then send it over the network to another computer.