high security risk on multi-user-systems #20
Description
Hello,
It seems to me, as if MATLAB is started here without token/password on a local port:
https://github.com/mathworks/jupyter-matlab-proxy/blob/v0.7.1/src/jupyter_matlab_proxy/__init__.py#L46
This MATLAB server listens on that local port and executes any code in the in the name of the user who owns the MATLAB process.
jupyter-server-proxy comes with support for unix-sockets lately which would fix this security issue nicely:
jupyterhub/jupyter-server-proxy#337