Can MATLAB Grader questions be vulnerable to hackers through pretests?

Accepted Answer

Cris LaPierre, 30 Apr 2022
Edited: Cris LaPierre, 30 Apr 2022

0 votes

If the pretest assessment is a MATLAB Code test type, then learners can expand the test to see the underlying assessment test code.
If that code gives away too much, then consider not making that assessment a pretest. If you are not limiting the number of submissions (default behavior in MATLAB Grader), then there is really no value to making any of the tests pretests anyway.
For an example of how to use pretests, consider looking at the "Calculating voltage using Kirchhoff loops" example problem in the Getting Started with MATLAB Grader problem collection.
I do have some concerns with the code you have shown. If you can explain what you are trying to do with this code, perhaps there is an opportunity to modify the problem design.

More Answers (2)

Jeff Alderson, 30 Apr 2022

1 vote

Every time a learner solution is submitted, the solution is recorded and made available to the instructor. Solutions that use obvious attempts at circumventing assessment tests would be very transparent when compared to learner solutions that attempt to solve the problem in good faith. Additionally, the instructor can check for the presence of certain keywords and functions and fail the assessment if they are found. Similarly, the instructor could look for the presence of keywords necessary to solve the problem in the desired way, and fail the assessment if they are not found.
Piotr Kot, 15 Dec 2024
Edited: Piotr Kot, 15 Dec 2024
Nonsense.
Hack:
% Opens the assessment file in the working directory with 'w', which truncates it to zero bytes
fprintf(fopen('./solutionTest.m', 'w'), '%s', '');
This always works, even if the 'fopen' and 'fprintf' keywords are disabled.

15 Comments

Jeff Alderson, 15 Dec 2024
Edited: Jeff Alderson, 16 Dec 2024
It is irresponsible to encourage learners to circumvent assessment tests in the way you are proposing. Each and every submission attempt by a learner is recorded and made available to the instructor. Attempts to circumvent assessment tests in the manner you are proposing are highly visible to instructors and may be in violation of the academic integrity policies of the course/school where the product is being used.
Lastly, rest assured that the development team for MATLAB Grader is monitoring this article, and has already made note of this proposed attempt to circumvent assessment tests in the product. Even though the product may appear to accept such a circumvention submission by a learner, it would not be safe to assume that the learner’s attempt at circumvention is not known to MathWorks or the instructor for the course where the product is being used.
Piotr Kot, 16 Dec 2024
Edited: Piotr Kot, 16 Dec 2024
The attack consists of one line, so it is easy to miss among many other commands. An instructor who does not take this type of attack into account will have no choice but to accept the answer!!! It is crucial to protect the attacked file from modification!!! Protection against the attack with the save command has not been successful for two years, so it will be the same with my proposed attack!!!
Piotr Kot, 16 Dec 2024
Edited: Piotr Kot, 16 Dec 2024
The problem has been reported to the MATLAB Grader team. I am currently able to secure the tests against the attacks described in this thread using instructor commands, but I will wait for the team's response.
I've actually tried a few other attacks; the MATLAB Grader team can find them in the logs of one of my courses. There's also a vaccine there. But I won't spoil the fun :)
I think the team should speed up their work. Things are starting to get really interesting....
% Write a one-line script that runs a shell command, then run the script
fprintf(fopen('try1.m','w'),'%s',"system('id')")
try1
The MATLAB team doesn't take these types of reports seriously, which creates a unique opportunity to see how their operating system works:
fprintf(fopen('try1.m','w'),'%s',"system('cd /usr/bin; ls -la|head')")
try1
Output:
ans =
34
total 76736
drwxr-xr-x 1 root root 6144 Dec 17 16:22 .
drwxr-xr-x 1 root root 4096 Dec 18 05:35 ..
-rwxr-xr-x 1 root root 55744 Apr 5 2024 [
-rwxr-xr-x 1 root root 4486 Apr 12 2024 aa-easyprof
-rwxr-xr-x 1 root root 18744 Jul 18 18:28 aa-enabled
-rwxr-xr-x 1 root root 18744 Jul 18 18:28 aa-exec
-rwxr-xr-x 1 root root 18736 Jul 18 18:28 aa-features-abi
-rwxrwxrwx 1 root root 16422 Aug 15 08:26 add-apt-repository
-rwxr-xr-x 1 root root 14720 Aug 9 02:33 addpart
ans =
0
Piotr Kot, 18 Dec 2024
Moved: Cris LaPierre, 18 Dec 2024
And all it would take would be to remove write permissions in the directory.
In such a situation, I am posting my solution to the problems described above. You should prepare a solution.p from the solution.m file and add it to the task so that the student cannot do the things described in this thread.
solution.m :
% Open solution.p read/write; fclose errors if the handle is invalid, i.e. the file could not be opened
fileID = fopen("solution.p", 'r+');
fclose(fileID);
clear fileID;
% Screen the learner's solution.m for forbidden identifiers before running anything from it
kod=fileread("solution.m");
forbidden = ["java","pyrun","matlab","fileattrib", "save","load","matfile"];
pattern=strjoin(forbidden,'|');
if ~isempty(regexp(kod, pattern, 'once'))
error("Forbidden!!!");
end
% Run a copy of the learner's code after removing the owner's write permission on the directory and its files
copyfile('solution.m', 'solution1.m');
fileattrib '.' '-w' 'u'
fileattrib '*' '-w' 'u'
evalin('caller','solution1');
Piotr Kot, 18 Dec 2024
Moved: Cris LaPierre, 18 Dec 2024
At the same time, I am announcing a competition to break through my security.
Piotr Kot, 18 Dec 2024
Moved: Cris LaPierre, 18 Dec 2024
Apparently my solution actually exploits another vulnerability.
Piotr Kot, 18 Dec 2024
Moved: Cris LaPierre, 18 Dec 2024
By the way, note that my solution gives a unique possibility of control over the student's solution. The solution.p file always runs, which allows copying the student's solution from the solution.m file to another file and running it. Of course, if the student had the possibility of overwriting the solution.p file, it would be a problem.
A heartfelt request to the MATLAB Grader team to prepare a similar but safe control option as part of their solution.
If you would like to provide feedback to MathWorks, you can do that here: https://www.mathworks.com/support/contact_us.html
Piotr Kot, 18 Dec 2024
Edited: Walter Roberson, 18 Dec 2024
I reported the problems described above via https://www.mathworks.com/support/bugreports
One more small note. My attempt to solve the problem can also be overcome. It turns out that the /tmp directory is available for writing to anyone who wants it. And then, of course, we run a script with any commands we want.
And finally, to sum up the Matlab Grader team's response:
„The behavior explained through the reproduction steps is intended. The MATLAB session running within Grader operates within an isolated containerized instance. Logged-in users are permitted to run MATLAB functions, including commands that interact programmatically with the operating system and the MATLAB application. Therefore, executing the 'system' command does not introduce any additional risk to MATLAB Grader."
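Putting the two defensive ideas from this thread (the keyword check Jeff Alderson describes and the file-protection approach in Piotr Kot's solution.m) into a harness-level check, as an added example that is neither MATLAB Grader's code nor either poster's: it screens the submission with a blocklist, but the control that actually catches the one-liner above regardless of how it is spelled is hashing the assessment file before and after the submission runs and refusing to assess if it changed. Everything in it is assumed: the file name solutionTest.m is taken from the thread, the assessment content is a constructed stand-in, and the submissions are run as Python commands because MATLAB is not available here.

```python
"""Integrity-checked grading step: an added example, not MATLAB Grader's code.

The thread shows a learner truncating solutionTest.m before the tests run and an
instructor screening solution.m with a regex blocklist. This harness does both, but
treats the blocklist as a heuristic and the hash comparison as the real control:
if any assessment file differs after the submission ran, grading is refused.
"""
from __future__ import annotations

import hashlib
import re
import subprocess
import sys
import tempfile
from pathlib import Path

# Assumption: the assessment lives in solutionTest.m, the file named in the thread.
ASSESSMENT_FILES = ("solutionTest.m",)

# Heuristic screen in the spirit of the thread's `forbidden` list. It is easy to
# evade (eval/feval, string building, a script written to /tmp), so it never
# stands alone; the hash comparison below is what actually decides.
FORBIDDEN = re.compile(
    r"\b(fopen|fprintf|system|unix|dos|save|load|matfile|fileattrib|pyrun|java)\b"
)


def screen_source(source: str) -> list[str]:
    """Return the distinct forbidden identifiers found in a learner's solution.m."""
    return sorted(set(FORBIDDEN.findall(source)))


def snapshot(workdir: Path) -> dict[str, str | None]:
    """SHA-256 of every assessment file; None if the file has been removed."""
    out: dict[str, str | None] = {}
    for name in ASSESSMENT_FILES:
        p = workdir / name
        out[name] = hashlib.sha256(p.read_bytes()).hexdigest() if p.is_file() else None
    return out


def grade(workdir: Path, learner_cmd: list[str], timeout: float = 10.0) -> dict:
    """Run the learner's submission, then refuse to assess if the tests were touched."""
    before = snapshot(workdir)
    proc = subprocess.run(learner_cmd, cwd=workdir, capture_output=True, timeout=timeout)
    after = snapshot(workdir)
    tampered = [name for name in before if after[name] != before[name]]
    if tampered:
        # Never execute the assessment from disk now: it is no longer the instructor's file.
        return {"status": "rejected", "reason": "assessment modified", "files": tampered}
    return {"status": "assessed", "returncode": proc.returncode}


def demo() -> dict:
    """Constructed inputs: a stand-in test file and two submissions run as Python."""
    results: dict = {}
    with tempfile.TemporaryDirectory() as tmp:
        work = Path(tmp)
        test_src = "assert(isequal(solution(2), 4))\n"  # constructed stand-in for the tests
        (work / "solutionTest.m").write_text(test_src)

        # An honest submission leaves the assessment untouched.
        results["honest"] = grade(work, [sys.executable, "-c", "pass"])

        # Same effect as the thread's one-liner: truncate solutionTest.m to zero bytes.
        (work / "solutionTest.m").write_text(test_src)
        tamper = [sys.executable, "-c", "open('solutionTest.m', 'w').close()"]
        results["tamper"] = grade(work, tamper)

    # The blocklist on the thread's exact one-liner, for comparison with the hash check.
    results["screen"] = screen_source("fprintf(fopen('./solutionTest.m', 'w'), '%s', '');")
    return results


if __name__ == "__main__":
    print(demo())
```

A check like this has to live outside the learner's reach, in the grading harness rather than in the assessment file, since that file is exactly what gets overwritten. It says nothing about the writable /tmp or about system(), which the thread shows remain reachable from the submission.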



Asked: 30 Apr 2022
Commented: 20 Dec 2024
