[Bf-committers] ActiveX code rewrite (or request for creating a branch)

Enrico Fracasso enrico.fracasso at email.it
Thu Nov 27 20:02:13 CET 2008


On Tue, Nov 25, 2008 at 18:12, Ton Roosendaal <ton at blender.org> wrote:
> Hi,
>
>> (by Roger Wickes)
>> If the Blender Foundation has an active certificate, they could sign
>> the plug-in when it is released, which would solve the IE Security
>> requirement.
>
> I'm extremely reluctant to go into this. I'd still rather see a third
> party picking it up, and turn into a business model with support,
> security, signed/locked/trusted content, and also accepting the
> responsibility. A public web player is really a big step... not
> realistic to handle for a volunteer-based organization, and not
> something I have time or energy to manage here (via Foundation or
> Institute).
>

More than content/ActiveX signing, I'm worried about Python sandboxing
and GE security issues, especially in a Windows environment: IMHO the GE
(and Blender in general) is not written to deal with untrusted
content: I'm thinking about a specially crafted .blend file that can
trigger a buffer overflow with remote code execution.

A possible solution to this situation is to sandbox/jail the whole
webplugin/GE, using something like AppArmor (Google has done
something similar with Chrome:
http://crypto.stanford.edu/websec/chromium/chromium-security-architecture.pdf
)

Bye

-- 
Enrico Fracasso

