[Bf-committers] Blender 2.5 malicious scripting

Campbell Barton ideasman42 at gmail.com
Wed Feb 24 15:06:55 CET 2010

@Benjamin, I think you sum this up well in your last mail, Blender
will continue to go with option #1, (allow security hole to exist),
rather then switch language/language implementation.

@Knapp, agree security at an OS level would help.

Im not suggesting we ask the user before running scripts, only that
there is an open on loading not to run scripts in the blendfile.

This isnt exactly security but at least allows you to safely load a
blend file from some unknown source.
- Campbell

On Wed, Feb 24, 2010 at 12:20 PM, Knapp <magick.crow at gmail.com> wrote:
> It seems quite oviouse that we need a new layer of security in all
> OSes. We have su and user now, we need to add program. Anything
> launched by Blender should not be able to open files made by Firefox
> etc. This is not a problem that Blender will be able to solve but I
> don't see asking the user to be of much use anyway. The artist I know
> just say, " what does that mean?" and then click what ever it takes to
> get the silly program working again. Not ideal but real. Perhaps
> Blender should have a repository or secure scripts that people can get
> so that we are not out downloading scripts from random places?
> --
> Douglas E Knapp
> Open Source Sci-Fi mmoRPG Game project.
> http://sf-journey-creations.wikispot.org/Front_Page
> http://code.google.com/p/perspectiveproject/
> _______________________________________________
> Bf-committers mailing list
> Bf-committers at blender.org
> http://lists.blender.org/mailman/listinfo/bf-committers

- Campbell

More information about the Bf-committers mailing list