[Bf-committers] Web Plugin :: Python Sandboxing, Command Line Arguments and ActiveX

Marcelo Coraça de Freitas mfreitas at ydeasolutions.com.br
Sun Nov 2 17:38:42 CET 2008 

Ton, all


	As the plugin - even the new active x one - is based on launching the
blenderplugin in a forked process, I think it'd be the best to create a
sandbox by intercepting dangerous syscalls - such as to open file,
access devices and so on.

	This shouldn't be that hard to do. I know windows does have a standard
and well documented way of doing this and I believe the same is valid
for POSIX systems.

	This sould give us a more secure environment and it'd be easier to
maintain our code as we'd be free to put anything in the blenderplayer
and still have a secure plugin.


	Now, to the ActiveX plugin status I have some things to do.

	Right now I'm having problems building blender in windows - I have to
enable the -i option in this environment so I can continue. I'll try
cross compilling today. After that I'll have to learn how to make a
window that's available to the child process for rendering - like in
linux' xembed.

	Only then I'll create a basic ActiveX controll that will download
the .blend file and execute blenderplayer.

	No scripting support so far but it's worth as:
		1. the plugin mechanism will be the same as for the mozilla - only the
plugin controller will be different.
		2. each plugin will run in it's own process instance. It means no more
locking and global variables issues.
		3. the scripting in both platform will be consistent. It's most
likelly it's gonna be implemented at the same time.
		4. new features in blenderplayer will be automatically available in
the plugin. :)

	I could list more advantages, but I thing those are enough.


	Do you guys agree with this approach for the windows plugin?


Regards,


Em Dom, 2008-11-02 às 12:18 +0100, Ton Roosendaal escreveu:
> Hi,
> 
> Reminder to py team: got time for sandbox code reviews?
> 
> -Ton-
> 
> ------------------------------------------------------------------------
> Ton Roosendaal  Blender Foundation   ton at blender.org    www.blender.org
> Blender Institute BV  Entrepotdok 57A  1018AD Amsterdam The Netherlands
> 
> On 28 Oct, 2008, at 13:51, Marcelo Coraça de Freitas wrote:
> 
> > Hello there,
> >
> > 	I think it's time to send some information about the web plugin
> > development being done by our team.
> >
> >
> > 	First, thanks to Adèle Ribeiro the python sandbox can now be enabled 
> > by
> > the -S command line option in blenderplayer (see ticket #17836). 
> > Please,
> > bf gurus, send us some feedback on this.
> >
> > 	Other thing she is finishing up right now is another command line
> > option, -P, that is to be used by the Web Plugin to pass arguments to
> > the python engine. I am aware of the sys.argv in sys module but as sys
> > is a insecure package we are not using it. We could also implement
> > something like GameLogic.argv but we where not sure about changing
> > already existing modules so we decided to put it elsewhere. A patch
> > should be submited today.
> >
> >
> > 	Now about the ActiveX plugin. I'm trying to implement the same 
> > approach
> > used in the Linux plugin (ie, forking the process sending the window id
> > to blenderplayer). I'm not anywhere close yet, so if you guys have any
> > consideration PLEASE tell me.
> >
> > 	There is one good thing though. I've found out that Video Lan Client
> > has an ActiveX controll that is built using gcc's cross compile 
> > feature.
> > I'll take a look at their codebase before starting as working in linux
> > to release a binary to windows is our most prefered way of doing 
> > things.
> >
> >
> > 	I've waited 'till now to send this e-mail due to the later releases.
> >
> >
> >
> > Regards,
> >
> > --
> > Marcelo Coraça de Freitas
> > Ydea Desenvolvimento de Softwares Ltda
> >
> > _______________________________________________
> > Bf-committers mailing list
> > Bf-committers at blender.org
> > http://lists.blender.org/mailman/listinfo/bf-committers
> >
> 
> _______________________________________________
> Bf-committers mailing list
> Bf-committers at blender.org
> http://lists.blender.org/mailman/listinfo/bf-committers

More information about the Bf-committers mailing list