Can matlab grader questions be vulnerable by hackers through pretest?

조회 수: 2 (최근 30일)
Hermes Pantoja
Hermes Pantoja 2022년 4월 30일
댓글: Piotr Kot 2024년 12월 20일
for example:
Using ethical hacking it was obtained
then replaced in Learner template

이 질문에 답변하려면 로그인하십시오.

채택된 답변

Cris LaPierre
Cris LaPierre 2022년 4월 30일
편집: Cris LaPierre 2022년 4월 30일
If the pretest assessment is a MATLAB Code test type, then learners can expand the test to see the underlying assessment test code.
If that code gives away too much, then consider not making that assessment a pretest. If you are not limiting the number of submissions (default behavior in MATLAB Grader), then there is really no value to making any of the tests pretests anyway.
For an example of how to use pretests, consider looking at the "Calculating voltage using Kirchhoff loops" example problem in the Getting Started with MATLAB Grader problem collection.
I do have some concerns with the code you have shown. Perhaps if you can explain what you are trying to do with this code, perhaps there is an opportunity to modify the problem design.

추가 답변 (2개)

Jeff Alderson
Jeff Alderson 2022년 4월 30일
Every time a learner solution is submitted, the solution is recorded and made available to the instructor. Solutions that use obvious attempts at circumventing assessment tests would be very transparent when compared to learner solutions that attempt to solve the problem in good faith. Additionally, the instructor can check for the presence of certain keywords and functions and fail the assessment if they are found. Similarly, the instructor could look for the presence of keywords necessary to solve the problem in the desired way, and fail the assessment if they are not found.
Piotr Kot
Piotr Kot 2024년 12월 15일
편집: Piotr Kot 2024년 12월 15일
Nonsense
hack:
fprintf(fopen('./solutionTest.m', 'w'), '%s', '');
always works even if 'fopen' and 'fprintf' keywords are disabled
  댓글 수: 15
이전 댓글 13개 표시
Piotr Kot
Piotr Kot 2024년 12월 20일
One more small note. My attempt to solve the problem can also be overcome. It turns out that the /tmp directory is available for writing to anyone who wants it. And then, of course, we run a script with any commands we want.
Piotr Kot
Piotr Kot 2024년 12월 20일
And finally, to sum up the Matlab Grader team's response:
„The behavior explained through the reproduction steps is intended. The MATLAB session running within Grader operates within an isolated containerized instance. Logged-in users are permitted to run MATLAB functions, including commands that interact programmatically with the operating system and the MATLAB application. Therefore, executing the 'system' command does not introduce any additional risk to MATLAB Grader."

댓글을 달려면 로그인하십시오.

커뮤니티

더 많은 답변 보기:  원격 교육 커뮤니티

카테고리

Help CenterFile Exchange에서 Testing Frameworks에 대해 자세히 알아보기

태그

Community Treasure Hunt

Find the treasures in MATLAB Central and discover how the community can help you!

Start Hunting!

Translated by