[Bf-committers] Blender 2.5 malicious scripting

Campbell Barton ideasman42 at gmail.com
Tue Feb 23 18:16:06 CET 2010

I'm really not interested in complicated solutions for this, over time
many have been suggested.
like SHA hashing of scripts + whitelists, signed blendfiles, some ID
for blendfiles which can be trusted etc.

While these can be made to work I think its unnecessary complication
and confusion which can probably be circumvented by someone who is
So I still favor an option (load time I guess), to disallow any
execution from this blend file.
Keep in mind there is also PyDrivers, and yet to be ported to 2.5,
PyNodes, PyConstraints... PyDrivers for eg can do their evil without
even using a text block. :)

Blender relies heavily on the C/Python api, using another python
implementation isnt an option, unless its CPython with some patches
(stackless, unladen swallow for instance could be used).

On Tue, Feb 23, 2010 at 5:48 PM, Tyler Tricker <tntricker at gmail.com> wrote:
> "A python threaded timer is not killed when new file is loaded.
> could change new loaded file without the knowledge of the user. the timer
> is only killed when quitting blender."
> >From a security standpoint this is a big problem. If a malicious script has
> the ability to attach itself to any other loaded blend file (or worse a
> trusted script), it would be impossible to quarantine without losing
> anywhere from one file to the entire project.
> What about Jython or Ironpython as a base platform? both have the ability to
> lock down the VM.
> "Like if there are any scripts, warn the user and ask if the scripts should
> be allowed for the session or permanently."
> I think this would get really annoying to have to confirm every script.
> _______________________________________________
> Bf-committers mailing list
> Bf-committers at blender.org
> http://lists.blender.org/mailman/listinfo/bf-committers

- Campbell

More information about the Bf-committers mailing list