[Bf-committers] "Security" gets in the way
Harley Acheson
hacheson at shawnigan.ca
Thu Apr 29 06:31:57 CEST 2010
Hello,
Sorry, but I couldn’t resist weighing into this debate because I feel I have a fairly
unique perspective on this security issue. I am a Blender noob, a long-time
developer (25 years but very little with C), but I spend my days as a network
administrator for a large-ish network (650 users, 700 computers). So you would
naturally think that I would be in the “theoretical IT types” in favor of high security
in Blender.
But I am not. In fact the only feature I would need is the temporary ability to load
an autoexecuting blend without it doing so. Otherwise, I wish for no other prompts,
preferences, or nannying.
Yes, it is easy to make a python script that steals passwords or deletes your files, just
as it is easy to do so in any programming language. The danger potentially lurking in
an evil blend file is the same as in any program you could download from the internet.
There isn’t any comparison to Word and Excel macro viruses or other types of threat.
Blend files just don’t have the same audience, or the ability to quickly propagate. You
either need fast self-replication or very fast and wide direct distributions in order keep
it from self-limiting and to isolate the writer of the threat from getting caught.
Seriously… try to imagine a scenario where you could cause mischief in some way with
an autoexecuting Blend that would be long-lasting and leaves you anonymous, and
therefore out of jail. Blend file just aren’t traded and shared the way the Word files are.
We’ve had the ability to run scripts on load for years and this threat has yet to surface.
At my very secure network my uses cannot do anything (with python or anything else)
that could wreck the computer they are using because they don’t run with the privileges
necessary to do such damage. They are also unable to damage any files but their own,
and if they manage that they can just restore them themselves from a snapshot from a few
hours earlier. Or they can have me restore their files from a backup.
So for me this isn’t a “security hole”, but just what any program can potentially do. You
have the weigh the risks and deal with all the possibilities. My users are much more likely
to accidentally delete files themselves than have something else do it for them.
Just my two cents.
Harley Acheson
Virtual Dogsbody
Info Tech Department
Shawnigan Lake School
More information about the Bf-committers
mailing list