[Bf-committers] Web Plugin :: Python Sandbox

Marcelo Coraça de Freitas mfreitas at ydeasolutions.com.br
Thu Aug 28 16:02:59 CEST 2008


Em Qui, 2008-08-28 às 15:48 +1000, Campbell Barton escreveu:
> Talked to some python devs, apparently the python sandboxing problems
> people speak of is from trying to sandbox python within python.
> The way blender does it is sandboxing should work well.

	That's great news!

> But there were some more functions that needed to be removed
> reload, file, execfile and compile, think thats it.

	I believe this can be done easily. Just a couple of more functions and some python API calls.

> Commited these changes, however the default is to allow these
> functions in blenderplayer, so possible they are only disabled in the
> web plugin,.

	I only looked at the netscape's plugin code and that's the only place
where sandboxing happens that I know of. Of course, the ActiveX plugin
gotta have some sort of sandboxing on it's own as well.

	As we are now using blenderplayer to actually play the .blend file, I'd
like to propose adding an option for sandboxing python in the stand
alone player.

	With this we have two major gains: we can secure both plugins with a
single implementation and we give users the option for running
untrusted .blend files in a safe and sane way.

	So, what do you guys think?


More information about the Bf-committers mailing list