[Bf-committers] Blender security paranoia
letterrip at gmail.com
Wed Mar 24 22:14:39 CET 2010
Blender has a small exposure since the vast majority of the world
doesn't use and will never use it.
There is a small danger to the core devs themselves since they do have
to download 'random' blends submitted in the bug tracker. Since devs
are the most vulnerable to attack, I think mitigating the risk is
mostly a matter of their decision.
I think the best solution is to have something in the file view to
enable/disable scripts for the file when loaded and have it
checked/unchecked by the user preferences.
There really is no expectation of safety to download a random file
from an untrusted source and load it into an application and it not be
malware. PDF, image files, doc files, all have had exploits, and as
was shown the exact same risk was in Maya and other 3D applications.
More information about the Bf-committers