Why are some commands blocked in Matlab Grader, e.g. system?

51 views (last 30 days)
Piotr Kot
Piotr Kot on 19 Dec 2024 at 20:05
Edited: Piotr Kot on 20 Dec 2024 at 12:31
When a Matlab Grader user uses certain commands in the solution, e.g.
path
system
then an error is returned:
Error: You may not use the command(s) path, system in your code

Sign in to answer this question.

Answers (1)

Deep
Deep about 8 hours ago
Edited: Deep about 8 hours ago
MATLAB Grader restricts certain commands for the purpose of cheating prevention and security reasons. These commands can alter the system environment or execute system-level tasks, which could lead to potential misuse or unintended side effects.
For a related discussion on command restrictions in MATLAB Grader, see https://www.mathworks.com/matlabcentral/answers/2083228-the-run-command-does-not-work-in-garder.
  1 Comment
Piotr Kot
Piotr Kot 9 minutes ago
Edited: Piotr Kot 1 minute ago
I understand that this was the original intention. But it seems to me that it turned out as usual: Every user of the Matlab Grader system can run the system or run command, for example, in this way:
fprintf(fopen('try1.m','w'),"%s","system('ls -la')")
try1
Output:
ans =
16
total 24
drwxr-xr-x 2 matlab matlabgroup 4096 Dec 20 12:21 .
drwx------ 3 matlab matlabgroup 4096 Dec 20 12:20 ..
-rw-r--r-- 1 matlab matlabgroup 24 Dec 20 12:21 ScoringEngineSharedVariable1.m
-rw-r--r-- 1 matlab matlabgroup 57 Dec 20 12:21 solution.m
-rw-r--r-- 1 matlab matlabgroup 31 Dec 20 12:21 solutionTest.m
-rw-r--r-- 1 matlab matlabgroup 16 Dec 20 12:21 try1.m
ans =
0
Moreover, the Matlab Grader team commented the above code in the following way:
„The behavior explained through the reproduction steps is intended. The MATLAB session running within Grader operates within an isolated containerized instance. Logged-in users are permitted to run MATLAB functions, including commands that interact programmatically with the operating system and the MATLAB application. Therefore, executing the 'system' command does not introduce any additional risk to MATLAB Grader."
And in this situation I completely do not understand why attempts were made to block anything at all.

Sign in to comment.

Tags

Community Treasure Hunt

Find the treasures in MATLAB Central and discover how the community can help you!

Start Hunting!