[Bf-blender-cvs] SVN commit: /data/svn/bf-blender [36363] trunk/blender: CMake build option for security report: CVE-2009-3850

Campbell Barton ideasman42 at gmail.com
Thu Apr 28 08:20:47 CEST 2011


Revision: 36363
          http://projects.blender.org/scm/viewvc.php?view=rev&root=bf-blender&revision=36363
Author:   campbellbarton
Date:     2011-04-28 06:20:47 +0000 (Thu, 28 Apr 2011)
Log Message:
-----------
CMake build option for security report: CVE-2009-3850
Nothing is changed by default but some linux distributions want to have executing python be opt-in.

This keeps the same functionality but disables auto-run from factory settings and in background mode unless its enabled as a command line argument.

This CMake option is marked as advanced and won't show in the regular options list so it's less likely to be enabled by people that like to turn everything ON without reading descriptions :)

Modified Paths:
--------------
    trunk/blender/CMakeLists.txt
    trunk/blender/source/blender/blenkernel/CMakeLists.txt
    trunk/blender/source/blender/blenkernel/intern/blender.c
    trunk/blender/source/blender/windowmanager/CMakeLists.txt
    trunk/blender/source/blender/windowmanager/intern/wm_files.c
    trunk/blender/source/creator/CMakeLists.txt
    trunk/blender/source/creator/creator.c

Modified: trunk/blender/CMakeLists.txt
===================================================================
--- trunk/blender/CMakeLists.txt	2011-04-28 05:34:11 UTC (rev 36362)
+++ trunk/blender/CMakeLists.txt	2011-04-28 06:20:47 UTC (rev 36363)
@@ -102,8 +102,12 @@
 
 # Blender internal features
 option(WITH_INTERNATIONAL "Enable I18N (International fonts and text)" ON)
+
 option(WITH_PYTHON        "Enable Embedded Python API  (only disable for development)" ON)
+option(WITH_PYTHON_SECURITY "Disables execution of scripts within blend files by default (recommend to leave off)" OFF)
 mark_as_advanced(WITH_PYTHON)  # dont want people disabling this unless they really know what they are doing.
+mark_as_advanced(WITH_PYTHON_SECURITY)  # some distrobutions see this as a security issue, rather then have them patch it, make a build option.
+
 option(WITH_PYTHON_SAFETY "Enable internal API error checking to track invalid data to prevent crash on access (at the expense of some effeciency, only enable for development)." OFF)
 option(WITH_PYTHON_MODULE "Enable building as a python module (experemental, only enable for development)" OFF)
 option(WITH_BUILDINFO     "Include extra build details (only disable for development & faster builds)" ON)
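Review bot: WITH_PYTHON_SECURITY is silently ignored when WITH_PYTHON is OFF, and nothing next to the new option says so: the `-DWITH_PYTHON_SECURITY` define is only added inside the `if(WITH_PYTHON)` blocks of the blenkernel, windowmanager and creator CMakeLists in this same commit, so a packager who sets only the security option gets a build that behaves as if it were unset, with no diagnostic. A configure-time check beside the option, `if(WITH_PYTHON_SECURITY AND NOT WITH_PYTHON)` / `message(WARNING "WITH_PYTHON_SECURITY has no effect without WITH_PYTHON")` / `endif()`, would make that visible. The comment on the added `mark_as_advanced` line has two typos, `distrobutions` and `rather then`, which should read `distributions` and `rather than`. The option description could also state the positive behaviour rather than "recommend to leave off", e.g. `"Start with automatic execution of Python scripts in .blend files disabled (can be enabled per run with -y / --enable-autoexec)"`.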

Modified: trunk/blender/source/blender/blenkernel/CMakeLists.txt
===================================================================
--- trunk/blender/source/blender/blenkernel/CMakeLists.txt	2011-04-28 05:34:11 UTC (rev 36362)
+++ trunk/blender/source/blender/blenkernel/CMakeLists.txt	2011-04-28 06:20:47 UTC (rev 36363)
@@ -282,6 +282,10 @@
 if(WITH_PYTHON)
 	list(APPEND INC ../python ${PYTHON_INCLUDE_DIRS})
 	add_definitions(-DWITH_PYTHON)
+
+	if(WITH_PYTHON_SECURITY)
+		add_definitions(-DWITH_PYTHON_SECURITY)
+	endif()
 endif()
 
 if(WITH_OPENMP)
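Review bot: The `if(WITH_PYTHON_SECURITY)` / `add_definitions(-DWITH_PYTHON_SECURITY)` block is copied into three directory CMakeLists (this one, the windowmanager hunk and the creator hunk further down), so any translation unit outside those three directories that later tests `#ifdef WITH_PYTHON_SECURITY` will compile as the non-secure default without any error; for a flag whose whole purpose is to turn auto-execution off, that is a fail-open gap. Since the option is one global choice, adding the define once where the option is declared in the top-level CMakeLists, `if(WITH_PYTHON AND WITH_PYTHON_SECURITY)` / `add_definitions(-DWITH_PYTHON_SECURITY)` / `endif()`, would cover every subdirectory, provided it precedes the `add_subdirectory` calls (not visible here). If the per-directory form is kept, a comment at each copy such as `# keep in sync with the same block in windowmanager/ and creator/` would at least keep the three in step.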

Modified: trunk/blender/source/blender/blenkernel/intern/blender.c
===================================================================
--- trunk/blender/source/blender/blenkernel/intern/blender.c	2011-04-28 05:34:11 UTC (rev 36362)
+++ trunk/blender/source/blender/blenkernel/intern/blender.c	2011-04-28 06:20:47 UTC (rev 36363)
@@ -140,8 +140,12 @@
 	G.charstart = 0x0000;
 	G.charmin = 0x0000;
 	G.charmax = 0xffff;
-	
+
+#ifndef WITH_PYTHON_SECURITY /* default */
 	G.f |= G_SCRIPT_AUTOEXEC;
+#else
+	G.f &= ~G_SCRIPT_AUTOEXEC;
+#endif
 }
 
 /***/
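Review bot: The `/* default */` comment on the new `#ifndef WITH_PYTHON_SECURITY` does not say what this block decides, and it is the one place where the build-time policy on script auto-execution becomes a runtime flag, so it deserves a fuller comment; the enclosing function begins before the hunk. Suggest replacing `/* default */` with `/* build-time default for automatic script execution in .blend files; WITH_PYTHON_SECURITY builds start with it off and rely on -y / --enable-autoexec to turn it on for a run */`. The `#else` branch clears a bit during what looks like global initialisation, which is presumably a no-op if `G.f` was zeroed earlier — harmless, but a word saying it is there to document intent would stop a reader taking it for an override of a user setting.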

Modified: trunk/blender/source/blender/windowmanager/CMakeLists.txt
===================================================================
--- trunk/blender/source/blender/windowmanager/CMakeLists.txt	2011-04-28 05:34:11 UTC (rev 36362)
+++ trunk/blender/source/blender/windowmanager/CMakeLists.txt	2011-04-28 06:20:47 UTC (rev 36363)
@@ -98,6 +98,10 @@
 if(WITH_PYTHON)
 	list(APPEND INC ../python ${PYTHON_INCLUDE_DIRS})
 	add_definitions(-DWITH_PYTHON)
+
+	if(WITH_PYTHON_SECURITY)
+		add_definitions(-DWITH_PYTHON_SECURITY)
+	endif()
 endif()
 
 if(WITH_GAMEENGINE)

Modified: trunk/blender/source/blender/windowmanager/intern/wm_files.c
===================================================================
--- trunk/blender/source/blender/windowmanager/intern/wm_files.c	2011-04-28 05:34:11 UTC (rev 36362)
+++ trunk/blender/source/blender/windowmanager/intern/wm_files.c	2011-04-28 06:20:47 UTC (rev 36363)
@@ -418,6 +418,12 @@
 	if(success==0) {
 		success = BKE_read_file_from_memory(C, datatoc_startup_blend, datatoc_startup_blend_size, NULL);
 		if (wmbase.first == NULL) wm_clear_default_size(C);
+
+#ifdef WITH_PYTHON_SECURITY /* not default */
+		/* use alternative setting for security nuts
+		 * otherwise we'd need to patch the binary blob - startup.blend.c */
+		U.flag |= USER_SCRIPT_AUTOEXEC_DISABLE;
+#endif
 	}
 	
 	/* prevent buggy files that had G_FILE_RELATIVE_REMAP written out by mistake. Screws up autosaves otherwise
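Review bot: `USER_SCRIPT_AUTOEXEC_DISABLE` is set only on the `success==0` path, i.e. when the embedded factory startup is loaded, so a user whose own startup.blend was read keeps whatever auto-exec setting that file carries and the build option does nothing for them; this matches the commit message but the comment does not state it, and the "security nuts" wording says less than the code does. Suggest replacing the two comment lines with `/* WITH_PYTHON_SECURITY: factory settings start with script auto-execution off. Only the embedded startup.blend path is handled here because patching the binary blob (startup.blend.c) is impractical; a user's saved startup.blend keeps its own setting. */`. The enclosing function starts outside the hunk.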

Modified: trunk/blender/source/creator/CMakeLists.txt
===================================================================
--- trunk/blender/source/creator/CMakeLists.txt	2011-04-28 05:34:11 UTC (rev 36362)
+++ trunk/blender/source/creator/CMakeLists.txt	2011-04-28 06:20:47 UTC (rev 36363)
@@ -75,6 +75,10 @@
 if(WITH_PYTHON)
 	blender_include_dirs(../blender/python)
 	add_definitions(-DWITH_PYTHON)
+
+	if(WITH_PYTHON_SECURITY)
+		add_definitions(-DWITH_PYTHON_SECURITY)
+	endif()
 endif()
 
 if(WITH_GAMEENGINE)

Modified: trunk/blender/source/creator/creator.c
===================================================================
--- trunk/blender/source/creator/creator.c	2011-04-28 05:34:11 UTC (rev 36362)
+++ trunk/blender/source/creator/creator.c	2011-04-28 06:20:47 UTC (rev 36363)
@@ -1074,10 +1074,22 @@
 	BLI_argsAdd(ba, 1, "/?", NULL, "\n\tPrint this help text and exit (windows only)", print_help, ba);
 
 	BLI_argsAdd(ba, 1, "-v", "--version", "\n\tPrint Blender version and exit", print_version, NULL);
+	
+	/* only to give help message */
+#ifndef WITH_PYTHON_SECURITY /* default */
+#  define 	PY_ENABLE_AUTO ", (default)"
+#  define 	PY_DISABLE_AUTO ""
+#else
+#  define 	PY_ENABLE_AUTO ""
+#  define 	PY_DISABLE_AUTO ", (compiled as non-standard default)"
+#endif
 
-	BLI_argsAdd(ba, 1, "-y", "--enable-autoexec", "\n\tEnable automatic python script execution (default)", enable_python, NULL);
-	BLI_argsAdd(ba, 1, "-Y", "--disable-autoexec", "\n\tDisable automatic python script execution (pydrivers, pyconstraints, pynodes)", disable_python, NULL);
+	BLI_argsAdd(ba, 1, "-y", "--enable-autoexec", "\n\tEnable automatic python script execution" PY_ENABLE_AUTO, enable_python, NULL);
+	BLI_argsAdd(ba, 1, "-Y", "--disable-autoexec", "\n\tDisable automatic python script execution (pydrivers, pyconstraints, pynodes)" PY_DISABLE_AUTO, disable_python, NULL);
 
+#undef PY_ENABLE_AUTO
+#undef PY_DISABLE_AUTO
+	
 	BLI_argsAdd(ba, 1, "-b", "--background", "<file>\n\tLoad <file> in background (often used for UI-less rendering)", background_mode, NULL);
 
 	BLI_argsAdd(ba, 1, "-a", NULL, playback_doc, playback_mode, NULL);
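Review bot: The four new `#  define` lines carry a stray tab between `define` and the macro name, the only place in this hunk that departs from the surrounding layout; `#  define PY_ENABLE_AUTO ", (default)"` is the form to use for all four. The suffix appended to -Y in security builds, `", (compiled as non-standard default)"`, describes the build rather than the behaviour the user will see; `", (default for this build)"` says the same more directly and mirrors the `", (default)"` already used for -y. These help strings are the only user-visible statement of which auto-execution mode a given binary starts in, so keeping them tied to the compile-time choice, as this hunk does, is the right approach.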



