The problem with eval() is not a theorethical one – it’s just that the implementation is inherently unsafe. Python’s introspection features make it *impossible* to guarantee that eval() is safe. It’s fairly easy to jump off the sandbox. By the way – they had to rewrite a lot of the standard library code to support Python in Google’s App Engine. And that was GvR himself working there. They had to make sure that none of the modules that are authorized allowed calls to use any of the available techniques to break out of the sandbox.

BTW: Next time a professor or a Nobel prize winner have something to say – please say it directly. Borrowing credentials from Turing are no help here.

Just as the prof was trying to broaden the perspective within the art and science, I was extending (trying to, anyway) to the bigger picture of working in our profession. The prof said “In this profession, you need to become more than the sum of the artifacts that you manipulate.” We are also more than manipulators of artifacts and we need to understand that fact and talk about it.

I firmly believe that our “profession” needs to address the issue of ethics, ethical standards, responsibility. We have, as a profession, largely ignored it and it’s been to our detriment. The ACM’s Code of Ethics (http://www.acm.org/about/code-of-ethics) is a great place to start but we never talk about things like that.

When I was in school back in the 70′s, we joked that computer programmers were going to take over the world. It seems we were more right than we knew. What we do is, in many respects, what runs the world – business, communications, entertainment, learning and just about everything else works the way it does because of us. We have an awesome power and should be awed at the conjugate responsibilty.

The “It would be his fault” attitude seems to me to derive from the same sloppy “thinking” that gives rise to statements like “she should not have worn that slinky outfit, it’s no surprise she got raped.” NB: I’m saying those notions arise from the same source; of course I’m not trying to draw some equivalence with rape. How about we make it “If I punched you in the nose, it would be your fault for not ducking?”

This isn’t about me, about the blogger, about anyone in particular. This long comment is about recognizing that we are more than programmers. We are the folks who people the world over have to trust both implicitly and explicitly. We have to trust _each other_. Ken Thompson said “You can’t trust code that you didn’t totally write yourself.” In other words, you bascially can’t trust *any* code. The scenario Chris concocted would be a sore violation of trust.

Again, I’m not talking about one’s repsonsibility when using eval() or whatever. I’m talking about the underlying attitudes and assumptions, the self reinforcing tunnel vision that’s going on here and throughout our profession.

I want to say as well that I’m not accusing Chris of anything in particular. I’m not saying he’s a malicious shit. It’s the total lack of discussion – among us self-identifying “professionals” – about being malicious, and shifting (intentionally or not) the blame, that makes it clear that we need to formally introduce a code of ethics, and education to go with it. We need it desperately.

Here’s an exercise for you: for what is eval() in
python absolutely required? I’ll guess nothing.
So the advice stands up well, even though it might be
in some cases safe enough and efficient enough to
do an eval().

If I were fired by you for that reason, I’d be relieved to no longer be employed by you.

Yes, it was the attacker who committed a ethical violation, but that being said, it is still the victim who has the responsibility to prevent such an attack. That is our job. We must assume that all inputs are adversarial and do everything within our power to ensure security. To do otherwise is a violation of our obligations.

Saying “it’s the victim’s fault” is a bit severe without qualification, but it’s not too far off. If you want to use eval(), you must accept the consequences and factor them into your design. You can’t directly be held accountable for the unethical actions of those abusing your decision, but having known in advance that someone would most certainly try, you can certainly be held professionally accountable for the decision to use such a mechanism by your employer.

Photo of Dr. Dale Parson

Yes, you’re correct. Inserting malicious code to be run by some professor who is assumed to be totally not careful about running random code, would not require use of eval. This is what makes that whole bit silly.

Eval is very useful, but it provides none of the safety the professor thinks it does. A false sense of security is much worse than having no security at all.

For the example given, however, eval is not the right tool for the job. If you expect the argument to eval to be the name of a function, it would make more sense to just look for the function name in the symbol table and not have to worry about evaluating arbitrary expressions. Read up about the builtins called globals, locals, and vars.

sortfunc=vars()[sys.argv[1]]

This thread makes me really glad that I learned to program on the interwebs instead of in a classroom!