Brian Blais wrote:
> Dan Bishop wrote:
> > On Dec 14, 8:36 pm, Brian Blais <[EMAIL PROTECTED]> wrote:
> >> [EMAIL PROTECTED] wrote:
> >>> [EMAIL PROTECTED] wrote:
> >>> Then on your PC you can
> >>>> run a script that loads each of such programs, and runs a good series
> >>>> of tests, to test their quality...
> >>> What happens if someone-- perhaps not even someone in the class-- does
> >>> some version of os.system('rm -Rf /') ?I was thinking of including a
> >>> dummy os.py and sys.py, so import os, and import sys
> >> would fail. Would this work?
> >
> > How would they access their command-line arguments without sys.argv?
> >
>
> the types of assignments that I am envisioning (finding the maximum in a list,
> parsing strings, etc.) will not need anything offered in os or sys.
> Certainly, if
> they were needed, another solution would need to be found.
>
>
If you do a search on the web, you will find that there are many other
security problems in Python that can not be prevented by simply
including dummy modules for os and sys.
Brett Cannon's PhD thesis is, afaik, based on looking at ways of
creating a secure Python environment. Other suggestions mentioned
before (like running in a virtual environment) might be the best way to
go for now. Having the user run the program on their own machine (like
would be done with the current version of Crunchy already mentioned in
this thread) would keep yours safe. Crunchy's doctest feature could be
"easily" modified so that it logs the number of attempts and mail the
results to a given address.
André
--
http://mail.python.org/mailman/listinfo/python-list
