[Bf-committers] "Security" gets in the way

Harley Acheson hacheson at shawnigan.ca
Thu Apr 29 06:31:57 CEST 2010 

Hello, 

Sorry, but I couldn’t resist weighing into this debate because I feel I have a fairly 
unique perspective on this security issue. I am a Blender noob, a long-time 
developer (25 years but very little with C), but I spend my days as a network 
administrator for a large-ish network (650 users, 700 computers). So you would 
naturally think that I would be in the “theoretical IT types” in favor of high security 
in Blender. 

But I am not. In fact the only feature I would need is the temporary ability to load 
an autoexecuting blend without it doing so. Otherwise, I wish for no other prompts, 
preferences, or nannying. 

Yes, it is easy to make a python script that steals passwords or deletes your files, just 
as it is easy to do so in any programming language. The danger potentially lurking in 
an evil blend file is the same as in any program you could download from the internet. 

There isn’t any comparison to Word and Excel macro viruses or other types of threat. 
Blend files just don’t have the same audience, or the ability to quickly propagate. You 
either need fast self-replication or very fast and wide direct distributions in order keep 
it from self-limiting and to isolate the writer of the threat from getting caught. 

Seriously… try to imagine a scenario where you could cause mischief in some way with 
an autoexecuting Blend that would be long-lasting and leaves you anonymous, and 
therefore out of jail. Blend file just aren’t traded and shared the way the Word files are. 
We’ve had the ability to run scripts on load for years and this threat has yet to surface. 

At my very secure network my uses cannot do anything (with python or anything else) 
that could wreck the computer they are using because they don’t run with the privileges 
necessary to do such damage. They are also unable to damage any files but their own, 
and if they manage that they can just restore them themselves from a snapshot from a few 
hours earlier. Or they can have me restore their files from a backup. 

So for me this isn’t a “security hole”, but just what any program can potentially do. You 
have the weigh the risks and deal with all the possibilities. My users are much more likely 
to accidentally delete files themselves than have something else do it for them. 

Just my two cents. 


Harley Acheson 

Virtual Dogsbody 
Info Tech Department 
Shawnigan Lake School

More information about the Bf-committers mailing list