[Bf-committers] Can't disable scripts

Alex Fraser alex at phatcore.com
Sun Jun 1 03:42:59 CEST 2008


On 6/1/08, Campbell Barton <ideasman42 at gmail.com> wrote:
>  When opening blend files from an unknown source, they can run python
>  scripts which could do bad stuff, like remove all files in your home
>  directory for instance. Even worse for systems that run as admin by
>  default.
>  [...]
>  Could someone (Willian or Jesterking) look into a way to disable pynodes.
>  Otherwise we put this in the too hard basket and run untrusted blends
>  in a VM/chroot/underprivileged account.

Speaking of privileges, is there a way to run scripts in a sandbox
(without using chroot)? Completely disabling scripts would seem to be
less secure: in most cases the scripts are required to make the file
useful, so users may get into the habit of allowing them without
thinking. Even if users are good and disable scripts by default, how
many will read the script to check for threats when it becomes
apparent that it is needed by the scene?

I think it would be better to allow all scripts to run, but to prompt
the user if a script needs to do some IO.

Cheers,
Alex
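
The "prompt the user if a script needs to do some IO" idea from the message above, sketched as an added example that is not part of the original message and is not Blender code. It assumes CPython 3.8+ audit hooks; `run_with_io_prompt`, `ask_user` and the `IO_EVENTS` selection are hypothetical names chosen for illustration.

```python
import sys
import threading

# Audit events treated as "IO" in this sketch (names from CPython's audit event table).
IO_EVENTS = {"open", "os.remove", "os.rename", "os.rmdir", "os.mkdir", "os.system",
             "subprocess.Popen", "socket.connect", "shutil.rmtree"}

_state = threading.local()  # per-thread: the active policy callback, if any


def _hook(event, args):
    policy = getattr(_state, "policy", None)
    if policy is None or event not in IO_EVENTS:
        return                      # no embedded script running, or not an IO event
    _state.policy = None            # the prompt itself may do IO; do not recurse
    try:
        allowed = policy(event, args)
    finally:
        _state.policy = policy
    if not allowed:
        # Raising from an audit hook aborts the operation before it happens.
        raise PermissionError(f"blocked {event}{args!r}")


sys.addaudithook(_hook)  # hooks cannot be removed, so the hook is gated on _state.policy


def run_with_io_prompt(source, policy, name="<embedded script>"):
    """Run script text, calling policy(event, args) -> bool before each IO event."""
    code = compile(source, name, "exec")
    _state.policy = policy
    try:
        exec(code, {"__name__": "__main__"})
    finally:
        _state.policy = None


def ask_user(event, args):
    """Interactive policy: ask before every IO operation the script attempts."""
    answer = input(f"Script wants {event}{args!r}. Allow? [y/N] ")
    return answer.strip().lower() == "y"
```

CPython documents audit hooks as a monitoring aid rather than a security boundary, so a prompt like this complements the VM/chroot/underprivileged account mentioned in the quoted message and does not replace it.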

