[Sugar-devel] programming on thin ice

Walter Bender walter.bender at gmail.com
Thu Jan 29 21:47:08 EST 2009


I've been in discussion with Bill Kerr and Tony Forster about how to
make it easier for Sugar users to dig a bit deeper into code. Tony has
a nice blog entry on the topic here: http://tonyforster.blogspot.com/

(1) A simple idea I am exploring is to allow Turtle Art users to
enter simple Python commands directly into a block, as per
http://sugarlabs.org/go/Image:Ta-sin.png

(2) I am also planning to add a block that calls a "nop" internally as
an invitation to have new functionality added directly into the
activity without the additional overhead of having to deal with
managing all of the UI elements associated with adding blocks.
(Perhaps View Source will save just that block to the Journal for
editing in Pippy.)

But here is my question:

My code for #1 above is:

def myfunc(lc, f, x):
    myf = "def f(x): return " + f
    userdefined = {}
    try:
        exec myf in globals(), userdefined
    except:
        raise logoerror("#syntaxerror")
    return userdefined.values()[0](x)

What I am concerned about is making the system vulnerable by letting
arbitrary functions execute within TA. I can imagine that Rainbow
would be of some protection here, but are there other things I can do
to restrict, say to the math module, the functions available?

-walter

-- 
Walter Bender
Sugar Labs
http://www.sugarlabs.org
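
Added example, not part of the original post and not Turtle Art code: one way to limit a user-entered expression to the math module is to parse it and check it against an allowlist of syntax and names before evaluating. It is written for Python 3, and all names in it (compile_user_function, UnsafeExpression, MAX_LEN) are hypothetical.

```python
import ast
import math

# Hypothetical names throughout; this is not Turtle Art code.
# Everything the user expression may reference: public math names, plus x.
MATH_NAMES = {n: getattr(math, n) for n in dir(math) if not n.startswith("_")}

# Syntax allowlist: arithmetic, numeric literals, names, direct calls.
# No attribute access, subscripts, lambdas, comprehensions or "**".
ALLOWED_NODES = (
    ast.Expression, ast.BinOp, ast.UnaryOp, ast.Call, ast.Name, ast.Load,
    ast.Constant, ast.Add, ast.Sub, ast.Mult, ast.Div, ast.Mod,
    ast.UAdd, ast.USub,
)
MAX_LEN = 200  # constructed limit on block text length


class UnsafeExpression(ValueError):
    """Raised instead of evaluating anything outside the allowlist."""


def compile_user_function(expr):
    """Return f(x) for the expression text, or raise UnsafeExpression."""
    if len(expr) > MAX_LEN:
        raise UnsafeExpression("expression too long")
    try:
        tree = ast.parse(expr, mode="eval")
    except (SyntaxError, ValueError) as err:
        raise UnsafeExpression("syntax error") from err
    for node in ast.walk(tree):
        if not isinstance(node, ALLOWED_NODES):
            raise UnsafeExpression("not allowed: " + type(node).__name__)
        if isinstance(node, ast.Name) and node.id != "x" and node.id not in MATH_NAMES:
            raise UnsafeExpression("unknown name: " + node.id)
        if isinstance(node, ast.Call) and (
                node.keywords or not isinstance(node.func, ast.Name)):
            raise UnsafeExpression("only plain calls to math functions")
        if isinstance(node, ast.Constant) and not isinstance(node.value, (int, float)):
            raise UnsafeExpression("only numeric literals")
    code = compile(tree, "<user block>", "eval")

    def f(x):
        # Empty __builtins__ is defence in depth; the AST check is the gate.
        return eval(code, {"__builtins__": {}}, dict(MATH_NAMES, x=x))
    return f
```

This limits which code an expression can reach, not how much CPU time or memory it uses (a math function given a very large argument can still run for a long time), so process-level isolation such as Rainbow remains relevant.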

