[alicebot-general] J-Alice 0.5 - security risk by learning system calls
mehri
foreverlinux at yahoo.com
Wed Aug 2 22:27:52 PDT 2006
Something that is missing from the open source community that would help further projects like J-ALICE:
A clean well documented open source IRC C++ and Java client api for developers.
Both J-ALICE and ProgramD could really use this but I don't see any out there. :-(
----- Original Message ----
From: kolya <kolya at schwarzsilber.de>
To: alicebot-general at list.alicebot.org
Sent: Wednesday, August 2, 2006 2:02:36 PM
Subject: [alicebot-general] J-Alice 0.5 - security risk by learning system calls
I run J-Alice by Jonathan Roewen from my winXP desktop.
http://sourceforge.net/projects/j-alice
She connects to an IRC channel where I usually go. And when people say
her name or /MSG her, she talks with them.
Now I wanted J-Alice to learn through input of IRC chatters.
I tested the "badanswer.aiml" that's floating around the net.
But soon I realised it's designed for Pandora bots only.
So I wrote my own simple learning.aiml that looks like this:
<category>
  <pattern>WRONG</pattern>
  <template>
    <think>
      <set name="question">
        <uppercase><input index="2"/></uppercase>
      </set>
    </think>
    What should I say?
  </template>
</category>
<category>
  <pattern>*</pattern>
  <that>WHAT SHOULD I SAY</that>
  <template>
    <think>
      <set name="answer"><input/></set>
    </think>
    <learn>
      <pattern><get name="question"/></pattern>
      <template><get name="answer"/></template>
    </learn>
    Learned.
  </template>
</category>
We had a lot of fun with this on IRC until I realised (fortunately being
the first to do so) that something like this could easily happen:
HACKER: Annoy Kolya
BOT: Blablah.
HACKER: wrong
BOT: What should I say?
HACKER: <system>explorer</system>
BOT: Learned.
HACKER: Annoy Kolya!
At that moment an explorer window pops up at my desktop. Really.
With a similar command my HD might get deleted.
J-Alice has basically become a trojan horse. Well of course it was my
own fault for writing this learn.aiml, I know.
I still want her to be able to learn but of course not how to hack my
computer... :/
So I tried "catching" answers with the word "<SYSTEM>" or
"<SYSTEM>" in AIML but that didn't work because the word doesn't
stand alone.
And the possibilities of commands that someone can put between <system>
and </system> are endless.
Same problem occurred with replacing it in the substitutions.xml.
Any ideas how to make learning more secure would be very appreciated!
Another minor problem I ran into is that the initial user input in
learning may not contain a punctuation mark for some reason. I don't
know why this is so, but it would of course help when people could just
talk freely and then correct her instead of making "preformatted"
utterances for the bot.
Kolya
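
Added example, not part of the original thread and not J-Alice code: instead of trying to match the word "<SYSTEM>" in chat input, the learned answer can be XML-escaped before it is written into the new category, so any tag a chatter types is stored as literal text. It assumes the learned category is assembled by helper code outside the AIML template and then loaded as AIML; all function names here are hypothetical.

```python
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Constructed sample input: the "answer" from the IRC exchange in the post.
UNTRUSTED_ANSWER = "<system>explorer</system>"
CATEGORY = "<category><pattern>%s</pattern><template>%s</template></category>"

def normalize_pattern(question):
    """Uppercase words only. Punctuation and the AIML wildcards * and _ are
    dropped, so a learned pattern cannot shadow unrelated categories."""
    words = re.findall(r"[^\W_]+", question.upper())
    if not words:
        raise ValueError("question has no matchable words")
    return " ".join(words)

def naive_build(question, answer):
    """Behaviour described in the post: the answer is pasted in as markup."""
    return CATEGORY % (normalize_pattern(question), answer)

def build_learned_category(question, answer):
    """Hardened form: the answer is stored as escaped character data."""
    # Remove control characters that are not legal in XML 1.0.
    answer = re.sub(r"[\x00-\x08\x0b\x0c\x0e-\x1f]", "", answer).strip()
    if not answer:
        raise ValueError("empty answer")
    # escape() rewrites &, < and >, so no element can be introduced.
    return CATEGORY % (normalize_pattern(question), escape(answer))

def template_elements(category_xml):
    """Tags of all elements inside <template>; empty means plain text only."""
    template = ET.fromstring(category_xml).find("template")
    return [el.tag for el in template.iter() if el is not template]

def template_text(category_xml):
    """The text a bot would speak for this category."""
    return ET.fromstring(category_xml).find("template").text

if __name__ == "__main__":
    for build in (naive_build, build_learned_category):
        xml = build("Annoy Kolya!", UNTRUSTED_ANSWER)
        print(build.__name__, template_elements(xml), xml)
```

The escaping only helps if the interpreter does not unescape and re-parse learned text as AIML; that behaviour has to be checked against the bot actually in use.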