[Bf-committers] Blender security paranoia

Joshua Leung aligorith at gmail.com
Tue Mar 23 23:52:24 CET 2010



Human nature means that if we started actively setting up fortress-like
security "features", naturally some people will be drawn towards defeating
these measures ("the tougher the better!"). Sure, at the moment we are quite
an easy vector to launch attacks from (especially as upload-to-render
webservices gain in popularity). However, I believe that due to this ease,
it's really not that "fun" or "attractive" for most crackers to bother.
Combining this with the fact that such services are quite a niche market
currently, all the overdone paranoia about sandboxing every last little nook
and cranny is just totally disproportionate to the amount of work required
and the gains.

For standard usage, security features usually end up being more of a "get
out of my way.. just let me get back to my work" kind of thing. We've
already seen how this can be detrimental to normal functioning of Blender
assets (case in point - do a search on BA for the many threads over BBB rigs
breaking when trying to load them from one release after the one they were
made for, due to security paranoia defaults which blindly crippled
functionality for all users who were unaware of the issues). With the
increasing permeation of scripted extensions and/or core functionality
provided via scripts in Blender, the feasibility of just blind "mute all the
scripts" or so on approaches diminishes with each passing day.

As Brecht and a few other core developers have already said (but were mostly
ignored) in the other thread, the best we can hope to do is just warn the
user that there are potential hazards in the file, and/or allow users to
consistently completely bypass these warnings at their own peril. Talk of
analyzing scripts automatically to pick out potential hazards can be
included here as a "guide" to what evil might lie in scripts, but as
Campbell says, they can't see everything, so a human still should (if
they're seriously paranoid, which most users aren't) go through these
potential issues aided with such a guide of the most obvious issues.

In short, security paranoia can be beneficial to the point of taking
precautions for your own safety and security, but it really is a losing
battle if you try to tackle it at app level.


On Wed, Mar 24, 2010 at 7:11 AM, Mike Belanger
<mikejamesbelanger at gmail.com> wrote:

> Couldn't agree more with both of you.  Anyone in this day and age uses
> regular backups, not just when they THINK there might be a system failure.
> If you have work you care about, but you don't backup on a regular basis,
> you are a douche.  It's so easy to do, and you should do it even if Blender
> develops some new-fangled python-sandboxing.
> I think the bigger danger is if these superfluous security features are
> actually attempted, and more critical things (i.e. general stability) are
> overlooked or neglected.
