<div class="gmail_quote">On Thu, Jan 29, 2009 at 10:01 PM, <span dir="ltr"><<a href="mailto:forster@ozonline.com.au">forster@ozonline.com.au</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d">> What I am concerned about is making the system vulnerable by letting<br>
> arbitrary functions to execute within TA. I can imagine that Rainbow<br>
> would be of some protection here, but are there other things I can do<br>
> to restrict, say to the math module, the functions available.<br>
><br>
</div>Would TA make the system more vulnerable that it already is with Pippy, Develop and Terminal?<br>
<br>
If not then I don't see a problem. I would like learners have access to more functions than in the math module.<br>
<br>
The idea of empowering learners has risks, that's why the XO is easily re-flashed. The only thing that worries me is a virus spreading through the mesh network, but I suspect that whatver the risk is, its already there</blockquote>
<div><br>The model is different, though, with TA. Develop and Terminal are single-user programs, you can't "join" and automagically get tainted code.<br><br>An idea for "securing" TA as Walter describes it would be to have the python code be parsed by TA itself and not the interpreter, filtering out _very_carefully_ unwanted imports, open()s, evals(), compiles(), and execs(). <br>
</div></div><br>-- <br>Luke Faraone<br><a href="http://luke.faraone.cc">http://luke.faraone.cc</a><br>