[Bf-committers] Python sandbox

Benjamin Tolputt btolputt at internode.on.net
Thu Mar 25 06:14:09 CET 2010

Rick Yorgason wrote:
> The moral of the story is that the danger of attacks is directly
> proportional to the popularity of your product, so every time you work
> to make Blender more popular, you're also raising the danger of attacks.
> Clearly, something has to be done sooner or later, unless you don't
> expect Blender to get more popular.

Pretty much the point of the "pro-security" folks in the discussion from
what I can tell. No-one argues that Blender is a small target now and,
as such, is unlikely to be interesting to a malware developer. Thing
is, as soon as Blender is as popular as, say, MudBox or Silo it will be
targeted. Both of these applications have magnitudes less exposure to
the world than Maya, 3DS, etc - yet have trojan hacks out there for
people to install on their machines. And unlike Blender & Microsoft
Word, they can't spread via files saved by a compromised installation.

> That isn't to say that something has to be done *today*, but something
> definitely has to be done.

I would agree but I think nigh on all but Ton in the core dev group do
not. Due to the fact Python simply *cannot* be sand-boxed and operate as
expected, this is a task that is too hard to consider right now and, as
such, will need to wait until a malicious Blender macro virus manages to
hurt enough people to bring the issue front & centre.

Honestly, due to the fact that Python CANNOT be sand-boxed in a
reasonable fashion without the cooperation of the Python development
team (i.e. is not something the Blender developers can actually control)
- this issue is not going to be dealt with until disaster strikes
because it cannot be. The choice is, currently, twisting the arms of the
Python folks to secure Python in a way they disagree with (they don't
like embedding Python, they prefer you extend Python with your app) OR
leaving Python behind and choosing an alternative (at least for scripts
internal to a .blend file run automatically by Blender).

Neither option is going to make people happy until such time as they
are hurt by the vulnerability. Remember, Microsoft did next to nothing
to secure their products (Office, Windows, etc) until disaster hit them
repeatedly... and they are a company with a large amount of cash to
spend on development.

> Finally, somebody in this thread said that everybody nowadays keeps
> adequate backups.  I'd really like to live in that fantasy world

Yeah, same here. I'm a tech head who is quite conscious of the issues
requiring backups and I've been nailed too often to think that your
average artist will be unaffected by their machine getting owned.
Especially if the malware is insidious and it has been doing things on
your machine for a while before discovery.


Benjamin Tolputt
Analyst Programmer
