[Bf-committers] Blender 2.5 malicious scripting

Aurel W. aurel.w at gmail.com
Wed Feb 24 16:30:34 CET 2010

Well, imho there hasn't been a release of blender, where code
execution from malicious blend files wouldn't be possible with some
effort. By preventing script execution you may prevent some kiddies to
do so, but I think we all have to be aware of, that blender will never
be able to securely process content from untrusted sources. And to be
honest, I can live with that.

There may be some potentials for attacks in distributed rendering
projects, which use blender, since you mainly would take over boxes
with high specs, which could be of use. Or someone specifly targets
CGI companies and studios. I wouldn't worry too much tho.

I guess a good way to handle embeded scripts is sufficient (without
any sandboxing etc.).

Features like baking py driven stuff, so that nodes, which won't
execute python scripts, in distributed rendering projects can render
blend files, could help for e.g.


On 24 February 2010 15:42, Dalai Felinto <dfelinto at gmail.com> wrote:
> +1 on an option at loading time to disable scripts.
> In Blender 2.4xx it was perfectly possible to have this (I wrote a patch
> that was disabling all py - pynodes, pyconstraints, pynumbers, ... - at load
> time).
> However (big however here) I myself wouldn't try to write it again to
> Blender 2.5 unless I have a clear go for that (nor advice someone to do it).
> Also I forgot the arguments, but in bconf 2008 Ton convinced me that this
> wasn't a good idea, so I dropped it.
> One option is to have it as an internal option and leave
> developers/interested people to change their UI files to expose this.
> Dalai
> (the old patch is here:
> http://projects.blender.org/tracker/?func=detail&aid=17701&group_id=9&atid=127
>  )
> 2010/2/24 Campbell Barton <ideasman42 at gmail.com>
>> @Benjamin, I think you sum this up well in your last mail, Blender
>> will continue to go with option #1, (allow security hole to exist),
>> rather then switch language/language implementation.
>> @Knapp, agree security at an OS level would help.
>> Im not suggesting we ask the user before running scripts, only that
>> there is an open on loading not to run scripts in the blendfile.
>> This isnt exactly security but at least allows you to safely load a
>> blend file from some unknown source.
>> - Campbell
>> On Wed, Feb 24, 2010 at 12:20 PM, Knapp <magick.crow at gmail.com> wrote:
>> > It seems quite oviouse that we need a new layer of security in all
>> > OSes. We have su and user now, we need to add program. Anything
>> > launched by Blender should not be able to open files made by Firefox
>> > etc. This is not a problem that Blender will be able to solve but I
>> > don't see asking the user to be of much use anyway. The artist I know
>> > just say, " what does that mean?" and then click what ever it takes to
>> > get the silly program working again. Not ideal but real. Perhaps
>> > Blender should have a repository or secure scripts that people can get
>> > so that we are not out downloading scripts from random places?
>> > --
>> > Douglas E Knapp
>> >
>> > Open Source Sci-Fi mmoRPG Game project.
>> > http://sf-journey-creations.wikispot.org/Front_Page
>> > http://code.google.com/p/perspectiveproject/
>> > _______________________________________________
>> > Bf-committers mailing list
>> > Bf-committers at blender.org
>> > http://lists.blender.org/mailman/listinfo/bf-committers
>> >
>> --
>> - Campbell
>> _______________________________________________
>> Bf-committers mailing list
>> Bf-committers at blender.org
>> http://lists.blender.org/mailman/listinfo/bf-committers
> _______________________________________________
> Bf-committers mailing list
> Bf-committers at blender.org
> http://lists.blender.org/mailman/listinfo/bf-committers

More information about the Bf-committers mailing list