[Bf-committers] Cant disable scripts

Campbell Barton ideasman42 at gmail.com
Sun Jun 1 04:58:14 CEST 2008


On Sun, Jun 1, 2008 at 3:42 AM, Alex Fraser <alex at phatcore.com> wrote:
> On 6/1/08, Campbell Barton <ideasman42 at gmail.com> wrote:
>>  When opening blend files from an unknown source, they can run python
>>  scripts which could do bad stuff, like remove all files in your home
>>  directory for instance. Even worse for systems that run as admin by
>>  default.
>>  [...]
>>  Could someone (Willian or Jesterking) look into a way to disable pynodes?
>>  Otherwise we put this in the too hard basket and run untrusted blends
>>  in a VM/chroot/underprivileged account.
>
> Speaking of privileges, is there a way to run scripts in a sandbox
> (without using chroot)? Completely disabling scripts would seem to be
> less secure: in most cases the scripts are required to make the file
> useful, so users may get into the habit of allowing them without
> thinking. Even if users are good and disable scripts by default, how
> many will read the script to check for threats when it becomes
> apparent that it is needed by the scene?
>
> I think it would be better to allow all scripts to run, but to prompt
> the user if a script needs to do some IO.
>
> Cheers,
> Alex

Sandboxing Python would be the nicest solution - but from doing some
research, Python doesn't provide this....

http://wiki.python.org/moin/How_can_I_run_an_untrusted_Python_script_safely_(i.e._Sandbox)

"Unfortunately, CPython's restricted execution capabilities (rexec,
Bastion) were deprecated after it was discovered that improved
introspection capabilities had rendered their mechanisms ineffective.
By using an alternative runtime (ie. Jython) or operating system
features (eg. chroot jails), you may actually be utilising a better
solution, however -- PaulBoddie"

One way might be to distribute Blender with our own Python modules and
then disable some (like os), however this won't stop Python from
writing into files if it guesses the location. - Such as opening
~/.Blog and writing garbage to the last 10 files you're working on.

So for now I'd like to be able to disable automatic script execution altogether.
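
The limitation described in the message above, as an added example that is not part of the original post and is not Blender code: a script run with `os` blocked at import time can still overwrite a file through the builtin `open()`. The deny-list, the helper names and the temp-file target are assumptions; the audit hook (Python 3.8+) only observes the write and is not a sandbox.

```python
import builtins
import os
import sys
import tempfile

BLOCKED = {"os", "subprocess", "shutil"}  # assumed deny-list, not Blender's
write_log = []        # (path, mode) for each write-mode open observed
_recording = [False]  # audit hooks cannot be removed, so gate with a flag


def _audit(event, args):
    # The "open" audit event carries (path, mode, flags).
    if _recording[0] and event == "open":
        path, mode = args[0], args[1] or ""
        if any(c in mode for c in "wax+"):
            write_log.append((str(path), mode))


sys.addaudithook(_audit)


def run_untrusted(source):
    """Exec source with blocked imports; return (error name or None, writes)."""
    real_import = builtins.__import__

    def guarded_import(name, *args, **kwargs):
        if name.split(".")[0] in BLOCKED:
            raise ImportError("module %r is disabled" % name)
        return real_import(name, *args, **kwargs)

    env = {"__builtins__": dict(vars(builtins), __import__=guarded_import)}
    del write_log[:]
    _recording[0] = True
    try:
        exec(source, env)
        error = None
    except Exception as exc:
        error = type(exc).__name__
    finally:
        _recording[0] = False
    return error, list(write_log)


def demo():
    # Constructed stand-in for a user's file; lives in a temp directory.
    target = os.path.join(tempfile.mkdtemp(), "recent_files.txt")
    with open(target, "w") as f:
        f.write("original")
    blocked = run_untrusted("import os\nos.remove(%r)" % target)
    bypass = run_untrusted("with open(%r, 'w') as f: f.write('garbage')" % target)
    with open(target) as f:
        return blocked, bypass, f.read()
```

`demo()` returns the blocked-import result, the unblocked write together with the audit record of it, and the file's final content.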

