[Bf-committers] Blender 2.5 malicious scripting
Stefan Langer
mailtolanger at googlemail.com
Tue Feb 23 11:40:34 CET 2010
2010/2/23 Aurel W. <aurel.w at gmail.com>
> [...]
> A problem that remains is, that there are embeded scripts within blend
> files, which the user might not be aware of. An mechanism to prevent
> any embeded scripts from execution per default would be straight
> forward and was also implemented in 2.4. Since embeded python scripts
> may be used rarely, it wouldn't be a problem.
> [...]
>
I don't think a full blown sandbox is nessecary. A simple whitelisting
mechanism for embedded scripts would suffice. Basically when you open a
blend file and blender finds an embedded script it asks the user wether to
execute the script with the options. Never - never run the script, Always -
always run the script and Run Once - only runs the script this instance.
This can of course be overriden with a setting in the preferences but is
activated on new installs. This way the user at least has a chance of
intervening when opening a blend file.
More information about the Bf-committers
mailing list