[Bf-committers] Python security - proposal
Ton Roosendaal
ton at blender.org
Sun Jun 9 15:02:37 CEST 2013
Hi all,
Back to practical solutions we can work on for the next release!
Here's a proposal I think has a wide consensus:
1) "Trusted source" for autorun scripts gets default disabled.
2) On loading a .blend with autorun script, we notify a user of that. How that UI will work exactly has a number of solutions we can investigate further. I suggest Campbell to investigate it and test some ideas and propose that here.
The above should be a real 2.68 target.
Further actions we can take:
3) Implement a friendly (easy to use) way for marking/defining .blend files to be always be trusted. Also here a number of solutions are possible, like preset directories for where such files are located, or a way to sign personally saved files. Or both.
I propose Campbell to investigate that further too with some people and come with a final proposal for it.
4) Cleanup Blender file writing code itself as well. Like stop using /tmp for files, and enforce relative paths for (automatic) output file writing.
5) Figure out if there's any way to detect malicious scripts...
6) Kick Python.org and/or support the PyPy project to get 3.x Python secured somehow.
-Ton-
--------------------------------------------------------
Ton Roosendaal - ton at blender.org - www.blender.org
Chairman Blender Foundation - Producer Blender Institute
Entrepotdok 57A - 1018AD Amsterdam - The Netherlands
More information about the Bf-committers
mailing list