[Bf-committers] Please turn off Auto Run Python Scripts by default

Brecht Van Lommel brechtvanlommel at pandora.be
Tue Jun 4 23:15:48 CEST 2013


Regarding implementation of a popup: if it is desired, you could load
the file with scripts disabled, and then in the info header have a
warning and button to reload the file with scripts enabled. That's
nicely non-modal too.

On Tue, Jun 4, 2013 at 10:02 PM, Campbell Barton <ideasman42 at gmail.com> wrote:
> Checked over these items, and from what I can tell, disabling `Trusted
> Source` on load still works well to ensure arbitrary scripts contained
> within the blend file don't run - BGE autostart also respects this
> option.

OK, I wasn't aware autostart respected this. Still, if it's a game people
will just press the P key without thinking about security, but it's good
to avoid it happening on opening the file immediately.

> Even tricking user into using the python console would require some
> user interaction.

The idea would be to create a screen setup with overlapping editors so
you don't see it. This was an example of an advanced hack though.

> Loading user preferences is a bit of a worry, but even in this case I
> couldn't get a script to auto-execute on startup since it doesn't save
> drivers/text to that file.
> However if the user assumes running scripts is disabled in the
> preferences, a blend file manages to enable this, then they load a
> second blend --- it could be used to trick the user into running
> scripts still.

I think you can save a file with both .blend file data and user
preferences? Though maybe not anymore after recent changes to split
this. In any case you could bind any operator to a mouse move event in
the key configuration. If we add a warning for scripts it may be good
to do the same for user preferences too.

> And of course with buffer overflows all bets are off,
> but this is also a lot more involved than simply adding a python
> script to a blend file and telling it to run, which is the case we
> wanted the `Trusted Source` option to deal with.

Right, if we can avoid the easy cases that would be good. The question
is if a popup is reasonable as a default. Personally I think it will
be a bigger annoyance than it's worth, and I don't think similar
applications like AutoCAD / Maya / Houdini / Nuke address this either.

Brecht.
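The easy case the thread wants to catch is "a Python script stored inside the blend file". As an added example (not Blender's own code and not from anyone in this thread), here is a stand-alone pre-flight check that walks the .blend container's file-block headers and reports any Text datablocks (block code "TX"), which is where embedded scripts live, without needing Blender installed. It assumes the public .blend container layout (a 12-byte "BLENDER" header carrying pointer size, endianness and version, then blocks of code/size/old-address/SDNA-index/count, terminated by "ENDB"), and it handles the gzip-compressed variant. The sample files it scans are constructed in memory, not real Blender output. It deliberately does not claim to find driver expressions or key-configuration bindings, which the thread notes are separate vectors, and it does not read the per-Text "register" flag; it only answers "does this file carry script text at all", which is the question a reload-with-scripts warning would want answered before the user clicks.

```python
"""Pre-flight check for .blend files: list embedded Text datablocks.

Added example, not Blender project code.  Parses only the file-block
headers of the .blend container (assumed public layout: header
"BLENDER" + pointer-size flag + endianness flag + 3-char version, then
blocks of code/size/old-address/SDNA-index/count ending with "ENDB"),
so it needs no Blender install.  Text datablocks (code "TX") are where
a blend file carries Python scripts.  Sample files below are
constructed in memory and are NOT real Blender output.
"""
import gzip
import struct

TEXT_CODE = b"TX\x00\x00"   # 2-letter ID code for Text, zero-padded to 4 bytes
END_CODE = b"ENDB"          # terminating block; its size field is 0


def parse_blocks(data):
    """Return [(code, size, count), ...] for every file block before ENDB.

    Raises ValueError for anything that is not a well-formed container:
    bad magic, unknown pointer-size/endian flag, truncated block, or a
    missing ENDB.  Gzip-compressed .blend files are unpacked first.
    """
    if data[:2] == b"\x1f\x8b":                 # gzip magic
        data = gzip.decompress(data)
    if data[:7] != b"BLENDER":
        raise ValueError("not a .blend file")
    ptr_size = {b"_": 4, b"-": 8}.get(data[7:8])   # '_' = 32-bit, '-' = 64-bit
    endian = {b"v": "<", b"V": ">"}.get(data[8:9])  # 'v' = little, 'V' = big
    if ptr_size is None or endian is None:
        raise ValueError("unknown pointer-size or endianness flag")
    header_len = 4 + 4 + ptr_size + 4 + 4          # code,size,oldptr,sdna,count
    blocks = []
    offset = 12                                    # skip "BLENDER-v266"
    while offset + header_len <= len(data):
        code = data[offset:offset + 4]
        (size,) = struct.unpack(endian + "i", data[offset + 4:offset + 8])
        (count,) = struct.unpack(
            endian + "i", data[offset + header_len - 4:offset + header_len])
        offset += header_len
        if code == END_CODE:
            return blocks
        # A negative or over-long size means a corrupt/truncated file;
        # refuse rather than read past the buffer.
        if size < 0 or offset + size > len(data):
            raise ValueError("truncated block %r" % code)
        blocks.append((code, size, count))
        offset += size
    raise ValueError("no ENDB block: file is truncated")


def embedded_text_blocks(data):
    """All Text datablocks in the file (each can hold a Python script)."""
    return [b for b in parse_blocks(data) if b[0] == TEXT_CODE]


def has_embedded_scripts(data):
    """True if opening this file with scripts enabled could run embedded text."""
    return bool(embedded_text_blocks(data))


# --- constructed sample data (hypothetical payloads, real header layout) ---

def _block(code, payload=b"", count=1, ptr_size=8, endian="<"):
    """One file block: 24-byte header for 64-bit pointers, then payload."""
    fmt = endian + "4si" + ("Q" if ptr_size == 8 else "I") + "ii"
    old_address = 0xDEADBEEF          # dummy old-memory-address field
    return struct.pack(fmt, code, len(payload), old_address, 0, count) + payload


def build_sample(with_text, compressed=False):
    """Minimal constructed .blend: 64-bit little-endian, version '266'."""
    body = b"BLENDER-v266" + _block(b"GLOB", b"\x00" * 32)
    if with_text:
        # A Text ID block followed by a DATA block holding the line text.
        body += _block(TEXT_CODE, b"\x00" * 64)
        body += _block(b"DATA", b"import os\n")
    body += _block(END_CODE)
    return gzip.compress(body) if compressed else body


if __name__ == "__main__":
    for label, sample in (("clean", build_sample(False)),
                          ("with script", build_sample(True, compressed=True))):
        print(label, "->", "WARN: embedded text" if has_embedded_scripts(sample)
              else "no embedded text")
```

Usage: read a real .blend into bytes and call has_embedded_scripts() before deciding whether to offer the "reload with scripts enabled" button; a True result is exactly the case where the non-modal warning in the info header would be shown. Because the check only inspects block headers, it is cheap to run on every load and cannot itself execute anything from the file.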

