[Bf-committers] Web Plugin :: Python Sandbox

Mathias Panzenböck grosser.meister.morti at gmx.net
Thu Aug 28 18:45:31 CEST 2008

Marcelo Coraça de Freitas schrieb:
>    Python gurus: is this a safe/sane approach? Can a sandbox like this
> be called safe in the web environment (ie, it can't be used to cause
> real damage into the system)? Wouldn't be great if the game engine came
> with other modules? For the plugin code, I'd mostly like to have at very
> least XML processing (to be honest, I'd love to have CORBA too). It'd be
> awesome if we could give our users some method for installing such
> extensions.

I'm no Python guru. I write a lot of very small Python scripts, but do no
embedding. However I still want to point out the following:
What not sandboxed things are possible through the blender API?
E.g. you could Load a Textfile using Blender.Text.Load.
Using this you could spy on a user. And with the urlib or webbrowser modules
you could send back this informations (e.g. using a querystring). In a sandbox
you have to forbid network access anyway. I don't know if access to Blender.Text
would make sense from within a game anyway, so you could forbid it.

I don't know, is it somehow possible to write a file using blenders API? (e.g.
through unpacked data) If so, you have to forbid that, too. What's up with
library access to other .blend files (e.g. like /tmp/quit.blend)?

Anyway, to call the sandbox done you should review all modules that are
accessible from within it. Some modules in the standard lib have problems,
where they are exporting modules they have imported (e.g. the forgot to use
__all__) so it might be possible to import untrusted modules through some
trusted ones.

Campbell Barton schrieb:
> Talked to some python devs, apparently the python sandboxing problems
> people speak of is from trying to sandbox python within python.
> The way blender does it is sandboxing should work well.
> But there were some more functions that needed to be removed
> reload, file, execfile and compile, think thats it.

I think this could be interesting for other projects, too. It would be great
if you would document what need to be done to make a sandboxed python in the


More information about the Bf-committers mailing list