[Bf-committers] Python sandbox
Mike Belanger
mikejamesbelanger at gmail.com
Tue Mar 23 02:24:30 CET 2010
> , there needs to be a way of recuperating
>
> ~Leif Andersen
Load your most recent backup files, assuming your entire project has been erased.
Mike Belanger ( Mikahl )
www.watchmike.ca
>
>
> ----------
> So Much to Learn, Such Little Time
> http://leifandersen.net/2010/02/03/so-much-to-learn-such-little-time/
>
>
> On Mon, Mar 22, 2010 at 17:53, joe <joeedh at gmail.com> wrote:
>
>> Is any of this a problem in practice? What do other applications do?
>> Seems to me we might be making this too complicated. Just have a
>> "warning: this .blend has scripts, which can be dangerous if you don't
>> trust the author; enable scripts?" popup on loading .blends.
>>
>> For something as complex as a digital art production package, I think
>> it's ok to treat .blends as if they *are* .exe's, and warn users
>> appropriately.
>>
>> Joe
>>
>> On Fri, Mar 19, 2010 at 2:36 AM, Campbell Barton <ideasman42 at gmail.com>
>> wrote:
>>> Hi Leif, probably repeating myself here but I don't understand the
>>> rationale for some of your suggestions.
>>> - Secure+Updated script installation doesn't help much since blend
>>> files themselves can include auto-executing drivers.
>>> - Separate python doesn't help with security, unless its separated in
>>> such a way blender can run without python at all. but in that case
>>> they also wont get a user interface so... don't think this helps
>>> either unless we move the UI back into C.
>>>
>>> Agree patching python would be a pain.
>>>
>>> This is an interesting sandbox project but I dont think blender can
>>> use since we would need to switch trusted/untrused context a lot but
>>> since the topic is raised worth mentioning.
>>>
>>> http://github.com/haypo/pysandbox/tree/master/sandbox/
>>> It works by writing into CPythons memory with ctypes to disable
>>> certain aspects of python.
>>>
>>>
>>> On Fri, Mar 19, 2010 at 3:55 AM, Leif Andersen
>>> <leif.a.andersen at gmail.com> wrote:
>>>> As sad as it is, it seams like your axiom Jonathan, has been true.
>>>> Although, that is based only on empirical evidence, not an actual
>> rigorous
>>>> proof. (i.e., I would die happy if I ever found a way to make a
>> computer be
>>>> secure, and work seamlessly). Some examples of this are the previous
>> emails
>>>> in this thread, about people who have had trouble with a locked down
>> python.
>>>>
>>>> I still think though (like the first email in this thread), that it
>> would be
>>>> better to keep python separate, but still make sure that it has been
>>>> included on the system. We could also have a script that checks to make
>>>> sure it is still the latest version, in an attempt to keep it secure.
>> If we
>>>> include python directly into blender, that would add a severe amount of
>>>> overhead to ensure that blender keeps up with the latest build of
>> python,
>>>> and even worse, if we customize it with patches, we would have to
>> constantly
>>>> repatch it, work that would be better spend fixing bugs/other flaws
>> unique
>>>> to blender/adding new features.Than again, on the other hand, we may
>> have to
>>>> still do the same thing if we try to customize a separate python build.
>>>>
>>>> Than again, all of this is at a very hand wavy level. And my arguments
>> seem
>>>> to me consist of me waving my arms, and claiming I can fly. :)
>>>>
>>>> Anyway, thank you for the support thus far everyone.
>>>>
>>>> ~Leif Andersen
>>>>
>>>> ----------
>>>> So Much to Learn, Such Little Time
>>>> http://leifandersen.net/2010/02/03/so-much-to-learn-such-little-time/
>>>>
>>>>
>>>> On Thu, Mar 18, 2010 at 12:43, Mike Belanger <
>> mikejamesbelanger at gmail.com>wrote:
>>>>
>>>>> To me its not a question of how secure your pipeline is, but how
>> quickly
>>>>> you
>>>>> can 'bounce back' after a system failure, maliciously-motived or
>> otherwise.
>>>>> Yeah, you should have a firewall, passwords, admin rights etc. But
>> really,
>>>>> the best insurance policy for studio assets is automated-backup.
>>>>> If anything, this sandbox thing almost sounds like it could restrict
>>>>> backups, or make them difficult/require consent every save. Anything
>>>>> discouraging/inhibiting backup is a far bigger threat, imho.
>>>>>
>>>>> A disclaimer in front of AddOns works for me.
>>>>>
>>>>>
>>>>> On Wed, Mar 17, 2010 at 11:28 PM, Matt Ebb <matt at mke3.net> wrote:
>>>>>
>>>>>>
>>>>>> On 18/03/2010, at 15:09 , §ĥřïñïďĥï Ŗäö wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>> This is my very first mail to this list . I am not a developer but
>> I
>>>>>>> thought
>>>>>>> i will put my 2 cents here since I felt that this discussion is a
>>>>>>> waste of
>>>>>>> time for many reasons .
>>>>>>> 1: +100 for Brecth and his opinion (He is perfectly right !!)
>>>>>>> 2: sanboxing blender will make it unusable in large pipelines
>> where
>>>>>>> we need
>>>>>>> blender to be integrated with other softwares and also need to do a
>>>>>>> lot of
>>>>>>> automatic IO (this includes IO to databases and in renderfarm too
>>>>>>> which can
>>>>>>> be used for other than just rendering out images )
>>>>>>
>>>>>> +1 to this too. Even in 2.4* we had lots of trouble at our studio
>> with
>>>>>> scriptlinks, pydrivers, etc being off by default. We had problems
>> (and
>>>>>> wasted hours of work) when an artist took work home, installed a
>>>>>> default blender from online and worked with that - getting the file
>>>>>> into a state that caused lots of problems when the scripts were
>>>>>> working as intended. This may have happened more than once too, can't
>>>>>> remember. Similar trouble when doing some complicated things and
>>>>>> sending files out to other studios who weren't familiar with Blender
>>>>>> and this particular issue that really doesn't affect them.
>>>>>>
>>>>>> Many people who use blender don't download and open files from
>>>>>> strangers on the web, and I would not like to see practical usability
>>>>>> hindered just to try and give people who do the impression of
>> security.
>>>>>>
>>>>>> cheers,
>>>>>>
>>>>>> Matt
>>>>>> _______________________________________________
>>>>>> Bf-committers mailing list
>>>>>> Bf-committers at blender.org
>>>>>> http://lists.blender.org/mailman/listinfo/bf-committers
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> www.watchmike.ca
>>>>> _______________________________________________
>>>>> Bf-committers mailing list
>>>>> Bf-committers at blender.org
>>>>> http://lists.blender.org/mailman/listinfo/bf-committers
>>>>>
>>>> _______________________________________________
>>>> Bf-committers mailing list
>>>> Bf-committers at blender.org
>>>> http://lists.blender.org/mailman/listinfo/bf-committers
>>>>
>>>
>>>
>>>
>>> --
>>> - Campbell
>>> _______________________________________________
>>> Bf-committers mailing list
>>> Bf-committers at blender.org
>>> http://lists.blender.org/mailman/listinfo/bf-committers
>>>
>> _______________________________________________
>> Bf-committers mailing list
>> Bf-committers at blender.org
>> http://lists.blender.org/mailman/listinfo/bf-committers
>>
> _______________________________________________
> Bf-committers mailing list
> Bf-committers at blender.org
> http://lists.blender.org/mailman/listinfo/bf-committers
More information about the Bf-committers
mailing list