[Etoys] finalStripping hangs waitForCommand

[Bert Freudenberg]

On 16.06.2009, at 12:08, K. K. Subramaniam wrote:

> On Tuesday 16 June 2009 02:49:39 pm Bert Freudenberg wrote:
>> This is either really dangerous or you cannot exchange projects
>> anymore. Which of the two evils did you choose?
> The latter. But it is not really evil ;-). It serves our purpose  
> admirably.
> LatexMorph Etoy is a tool that uses OSProcess to invoke latex on the
> underlying host to typeset LaTeX commands but the resulting graphic  
> is cached
> in the Etoy. On hosts without LaTeX, the graphic can be seen but not  
> edited.
>
> Of course, a project with this Etoy will not load into an image  
> without
> LatexMorph. The Etoy itself can be trashed after the graphic is  
> extracted into
> an ImageMorph if its use outside of our schools is intended.
>
> The code is available in http://www.squeaksource.com/LatexMorph. It  
> needs
> OSProcess (in the image) and latex and dvipng on the host. See  
> LatexMorph
> class for examples of usage.
>
> How is OSProcess more dangerous than console shell access?


It can be invoked from an Etoys script. Someone could make a project  
that deletes your user directory as soon as you load it on your  
machine. To prevent this, the file sandbox gets enabled as soon as you  
load a project authored by someone else.

That's why Dave put in a feature to disable OSProcess if the file  
sandbox is enabled. But that means you cannot invoke OSProcess  
functions anymore, hence you cannot edit a LatexMorph someone else  
sent you even if you have Latex installed.

That's what I meant with having to choose between security and project  
exchange (even if all users are using the same image).

Or are you running in Sugar on the XO under Rainbow? Then of course it  
would be fine, because Rainbow provides a sandbox that covers native  
code, too (and hence we do not enable the Etoys sandbox under  
Rainbow). Too bad there is so little interest in Rainbow elsewhere :(

- Bert -