[Bf-committers] Please turn off Auto Run Python Scripts by default

Brecht Van Lommel brechtvanlommel at pandora.be
Tue Jun 4 17:05:51 CEST 2013


Here's another discussion where the popup idea comes up:
http://lists.blender.org/pipermail/bf-committers/2010-March/026573.html

It's a tradeoff, do we really want to degrade usability for this? The
decision at the time was that no, we do not. Also note that even
disabling scripts does not make Blender secure, there are dozens of
other ways to create malicious .blend files.

On Tue, Jun 4, 2013 at 3:50 PM, Yu Asakusa <yu.asakusa at gmail.com> wrote:
> Dear Thomas,
>
> As I wrote in the first email, I know there are options to change the
> behavior, and I am questioning the *default* behavior.
>
> I agree a confirmation popup is not nice, but I am suggesting the
> confirmation as a compromise to make Blender secure by default without
> causing data loss to users whose workflow relies on autorun.
>
> Yu
>
> On Tue, Jun 4, 2013 at 9:34 AM, Thomas Dinges <blender at dingto.org> wrote:
>> Hi,
>> as someone previously said, you can start Blender with a parameter (-Y),
>> to not start scripts automatically, so there is already an option. You
>> can set that to your blender.exe or so, then you don't have to manually
>> set it on each startup.
>> Having a Confirmation popup "Do you really want to run the script?" is
>> not a good idea, neither as a preference or not.
>>
>> Thomas
>>
>> On 04.06.2013 15:23, Yu Asakusa wrote:
>>> Thank you for the reply, and especially for the pointer to the
>>> previous discussion in April and May 2010.  I was not aware of it.
>>>
>>> I think I took a look at all the messages in that thread in the
>>> archive.  Now I understand it is unacceptable to some people to
>>> disable autoruns by default.  So I will change my suggestion to the
>>> following:  Please add an option to confirm before Blender runs Python
>>> scripts automatically, and turn on this new option by default.
>>> Probably this option should be ignored in the batch mode.
>>>
>>> I tried to find this suggestion in the past thread, but I could not
>>> find it.  Excuse me if this was already suggested and rejected for
>>> some reason and I overlooked it, but in that case I am curious what
>>> the reason for rejection was.
>>>
>>> On Tue, Jun 4, 2013 at 8:15 AM, Brecht Van Lommel
>>> <brechtvanlommel at pandora.be> wrote:
>>>> There was a decision to turn autorun on even if it causes potential
>>>> security issues, what it comes down to is that we can't really secure
>>>> python scripts, but they are critical for many artists' workflows.
>>>>
>>>> For a long discussion on the topic see here:
>>>> http://lists.blender.org/pipermail/bf-committers/2010-April/027216.html
>>>>
>>>> On Tue, Jun 4, 2013 at 12:51 PM, Yu Asakusa <yu.asakusa at gmail.com> wrote:
>>>>> Hello,
>>>>>
>>>>> Currently “Auto Run Python Scripts” in the File tab in the user
>>>>> preferences (UserPreferencesSystem.use_scripts_auto_execute in Python)
>>>>> is turned on by default.  Please turn it off by default.
>>>>>
>>>>> The current default setting means that when users open a blend file,
>>>>> Blender runs any Python scripts in the file as long as they are marked
>>>>> for auto-run.  Python scripts can read/write local files and do other
>>>>> malicious things.  Therefore, if users would like to open an untrusted
>>>>> blend file, they must explicitly disable auto-run by either turning
>>>>> off “Auto Run Python Scripts” in the user preferences or turning off
>>>>> the “Trusted Source” checkbox in the File Browser window.  (See also
>>>>> my post on Google+
>>>>> <https://plus.google.com/u/0/102042171744549015655/posts/2ayrQg2gUG6>.)
>>>>>
>>>>> I do not think many users know it is dangerous to open an untrusted
>>>>> blend file with the default settings in Blender.  It is different from
>>>>> the common expectation for file-editing programs such as word
>>>>> processors: opening an untrusted file in file-editing programs is
>>>>> usually not considered to be a security risk.  In other words, in
>>>>> file-editing programs, it is the program’s responsibility to prevent
>>>>> attacks even if users open malicious files.  Depending on the point of
>>>>> view, the current default behavior may be considered as a security
>>>>> vulnerability in Blender because of the mismatch between the user’s
>>>>> expectation and the actual behavior.
>>>>>
>>>>> Regards,
>>>>> Yu
>>>>> _______________________________________________
>>>>> Bf-committers mailing list
>>>>> Bf-committers at blender.org
>>>>> http://lists.blender.org/mailman/listinfo/bf-committers
>>
>>
>> --
>> Thomas Dinges
>> Blender Developer, Artist and Musician
>>
>> www.dingto.org
>>

