[Bf-committers] Web Plugin :: Python Sandbox

Fri Aug 29 01:21:40 CEST 2008

Dealing with the BlenderPlayer or web plugin
Blender.Text.Load/Save or any other Blender.* functions,  aren't
compiled in so no need to worry about that.
also no need to worry about any modules that could do nasty things
since importing modules other then GameLogic, Rasterizer etc are
disabled.

The only file writing function Ive seen from the blenderplayer is to
save a screenshot, this should be modified so you cant set the
filename to anything. see gp_Canvas->MakeScreenShot(filename);

Would be good to mail the python developers list to verify this is
safe or we are not missing any functions, my other concern is scripts
could fill the users memory by making a really large list for
instance, not sure how that would mess with the plugin.

On Fri, Aug 29, 2008 at 3:37 AM, Marcelo Coraça de Freitas
<mfreitas at ydeasolutions.com.br> wrote:
> Em Qui, 2008-08-28 às 18:45 +0200, Mathias Panzenböck escreveu:
>
> I'm no Python guru. I write a lot of very small Python scripts, but do no
> embedding. However I still want to point out the following:
> What not sandboxed things are possible through the blender API?
> E.g. you could Load a Textfile using Blender.Text.Load.
> Using this you could spy on a user. And with the urlib or webbrowser modules
> you could send back this informations (e.g. using a querystring). In a
> sandbox
> you have to forbid network access anyway. I don't know if access to
> Blender.Text
> would make sense from within a game anyway, so you could forbid it.
>
> Access to the entire Blender package is already forbiden from within the
> game engine. So, that's not really an issue for now.
>
> I don't know, is it somehow possible to write a file using blenders API?
> (e.g.
> through unpacked data) If so, you have to forbid that, too. What's up with
> library access to other .blend files (e.g. like /tmp/quit.blend)?
>
> I'm not sure, but as the modules exported to the Python scripting aren't
> focused on creating files I don't think it's possible now.
>
> Anyway, to call the sandbox done you should review all modules that are
> accessible from within it. Some modules in the standard lib have problems,
> where they are exporting modules they have imported (e.g. the forgot to use
> __all__) so it might be possible to import untrusted modules through some
> trusted ones.
>
> I see. That might cause some problems. Only Python gurus and lots of testing
> can tell us that and that will be forever a source of issues, as python is
> evolving and new packages are being written while sandboxing is not one of
> their priorities.
>
>
> I think this could be interesting for other projects, too. It would be great
> if you would document what need to be done to make a sandboxed python in the
> wiki.
>
> Yeah! Agreed. Maybe I'll dedicate some of my time on this task - even
> thought I'm not a python neither a blender expert.
>
>
> Regards,
>
>
>
> Marcelo Coraça de Freitas
> Gerente de TI
>
> Ydea Desenvolvimento de Software LTDA.
> Av. Adolfo Pinheiro, 2338 - Alto da Boa Vista
> CEP.:04734-004 - São Paulo - SP
> Tel.: 55-11-5523-0333
> _______________________________________________
> Bf-committers mailing list
> Bf-committers at blender.org
> http://lists.blender.org/mailman/listinfo/bf-committers
>
>