[Sugar-devel] programming on thin ice

Tomeu Vizoso tomeu at sugarlabs.org
Fri Jan 30 04:05:38 EST 2009


On Fri, Jan 30, 2009 at 09:38, Morgan Collett <morgan.collett at gmail.com> wrote:
> On Fri, Jan 30, 2009 at 04:59, Benjamin M. Schwartz
> <bmschwar at fas.harvard.edu> wrote:
>> Walter Bender wrote:
>>> (1) A simple idea I am exploring are to allow Turtle Art users to
>>> enter simple Python commands directly into a block, as per
>>> http://sugarlabs.org/go/Image:Ta-sin.png
>>
>> Beautiful.
>>
>>> But here is my question:
>>>
>>> My code for #1 above is:
>>>
>>> def myfunc(lc, f, x):
>>>     # Wrap the block text in a one-line def and compile it with the
>>>     # activity's own globals in scope (Python 2 exec syntax).
>>>     myf = "def f(x): return " + f
>>>     userdefined = {}
>>>     try:
>>>         exec myf in globals(), userdefined
>>>     except SyntaxError:
>>>         raise logoerror("#syntaxerror")
>>>     # Look the function up by name rather than taking values()[0],
>>>     # which is wrong if the block text defined more than one name.
>>>     return userdefined['f'](x)
>>>
>>> What I am concerned about is making the system vulnerable by letting
>>> arbitrary functions to execute within TA.
>>
>> Don't worry about it.  Three reasons:
>>
>> 1.  You're right.  Rainbow's protections here are strong.  The
>> user-modified code can neither read nor write nor overwrite the contents
>> of the Journal, for example.  There are lots of other bad things it could
>> do, like fill the disk with junk, break the TurtleArt icons so that
>> TurtleArt won't start, or flood the network, but
>>
>> 2.  the user is writing this code themselves.  They'd have to go to great
>> lengths, just to (very temporarily) break their own machine.  Besides,
>>
>> 3.  the remaining issues in (1) should be fixed inside Rainbow, rather
>> than ineffectually patched by each Activity.
>
> Pippy already lets them write and run arbitrary code in the UI.
>
> If they can run Terminal, they can write and run arbitrary code.

I think the issue isn't the user being tricked into writing code that
may go against his interests, but clicking on a shared turtle art
instance and having something bad happen without being able (being
given enough tools) to protect against it.

AFAIK, Rainbow isn't yet restricting access to the datastore, and
moreover, isn't working on other platforms than the XO.

So for the time being, activity authors may need to think about the
consequences of letting arbitrary code run on machines where the user
may not know the consequences.

Regards,

Tomeu
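The exec-based block quoted at the top of the thread hands the block text to
the interpreter as source, so in a shared session a remote participant's
string runs with the activity's full reach. As an added example (not Turtle
Art's or Sugar's own code), the block below keeps the "type a Python
expression into a block" feature but interprets the expression itself via the
standard `ast` module, with an allowlist of operators, math functions and
constants, and never calls exec() or eval(); the same exec() approach is kept
alongside, in Python 3 syntax, to show what it can reach. The variable name
`x`, the allowlists, the `MAX_POW` limit and the helper names
(`compile_block`, `rejected`, `exec_block`, `UnsafeExpression`) are this
example's assumptions, not anything from the activity.

```python
"""A Turtle Art-style "Python block" evaluated without exec().

Added example, not Turtle Art's code.  The block text is parsed with
`ast` and walked by a small interpreter that knows only arithmetic, the
variable `x`, a few math functions and two constants.  Attribute access,
subscripts, imports, lambdas and calls to unlisted names are rejected when
the block is compiled, before anything is evaluated.  The allowlists and
limits are this example's assumptions.
"""
import ast
import math
import operator

_BIN_OPS = {
    ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
    ast.Div: operator.truediv, ast.FloorDiv: operator.floordiv,
    ast.Mod: operator.mod, ast.Pow: operator.pow,
}
_UNARY_OPS = {ast.USub: operator.neg, ast.UAdd: operator.pos}
_FUNCS = {"sin": math.sin, "cos": math.cos, "sqrt": math.sqrt,
          "abs": abs, "min": min, "max": max}
_CONSTS = {"pi": math.pi, "e": math.e}
MAX_POW = 1000  # cap exponents so "9**9**9" cannot hang the activity


class UnsafeExpression(ValueError):
    """Syntax error or a construct outside the allowlist."""


def _check(node):
    """Validate the whole tree up front; raise on anything not handled."""
    if isinstance(node, ast.Constant):
        if type(node.value) not in (int, float):
            raise UnsafeExpression("only numeric literals are allowed")
    elif isinstance(node, ast.Name):
        if node.id != "x" and node.id not in _CONSTS:
            raise UnsafeExpression("unknown name %r" % node.id)
    elif isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
        _check(node.left)
        _check(node.right)
    elif isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY_OPS:
        _check(node.operand)
    elif isinstance(node, ast.Call):
        # Only a bare allowlisted name may be called, with positional
        # args: no attributes (so no `x.__class__`), no `__import__`.
        if (not isinstance(node.func, ast.Name)
                or node.func.id not in _FUNCS or node.keywords):
            raise UnsafeExpression("call not allowed")
        for arg in node.args:
            _check(arg)
    else:
        raise UnsafeExpression("%s not allowed" % type(node).__name__)


def _eval(node, x):
    """Interpret an already-validated tree; never calls eval()/exec()."""
    if isinstance(node, ast.Constant):
        return node.value
    if isinstance(node, ast.Name):
        return x if node.id == "x" else _CONSTS[node.id]
    if isinstance(node, ast.BinOp):
        left, right = _eval(node.left, x), _eval(node.right, x)
        if isinstance(node.op, ast.Pow) and abs(right) > MAX_POW:
            raise UnsafeExpression("exponent too large")
        return _BIN_OPS[type(node.op)](left, right)
    if isinstance(node, ast.UnaryOp):
        return _UNARY_OPS[type(node.op)](_eval(node.operand, x))
    if isinstance(node, ast.Call):
        return _FUNCS[node.func.id](*[_eval(a, x) for a in node.args])
    raise UnsafeExpression("%s not allowed" % type(node).__name__)


def compile_block(text):
    """Return a one-argument function for the block text, or raise
    UnsafeExpression (the counterpart of TA's "#syntaxerror")."""
    try:
        tree = ast.parse(text.strip(), mode="eval")
    except SyntaxError as exc:
        raise UnsafeExpression("#syntaxerror") from exc
    _check(tree.body)
    return lambda x: _eval(tree.body, x)


def rejected(text, x=1.0):
    """True if the block text is refused, at compile time or when run at x."""
    try:
        compile_block(text)(x)
    except UnsafeExpression:
        return True
    return False


def exec_block(text):
    """The exec() approach from the thread in Python 3 syntax, for contrast.
    Even with empty globals CPython injects __builtins__, so the block can
    call __import__ and reach anything the process can."""
    userdefined = {}
    exec("def f(x): return " + text, {}, userdefined)
    return userdefined["f"]


if __name__ == "__main__":
    for src in ("x * 2 + 1", "sqrt(x)", "__import__('os').getcwd()"):
        try:
            print(src, "->", compile_block(src)(16))
        except UnsafeExpression as err:
            print(src, "-> rejected:", err)
```

The validator runs when the block is created, so a bad block fails at edit
time rather than halfway through a drawing, and the interpreter only ever
dispatches to the operator and math functions in its own tables. This removes
arbitrary code execution from this one block type; it does not change the
wider point above that an activity cannot rely on Rainbow being present on
every platform.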

