[Bf-committers] Please turn off Auto Run Python Scripts by default

Ton Roosendaal ton at blender.org
Wed Jun 5 18:03:41 CEST 2013


Hi,

I am not proposing to make advanced system administration entirely impossible. It's just not a sane default to release, nor to give to everyone in a studio.

The challenge is to find out a good, sane and usable way to configure Blender securely.

It could work all fine for people in studios on daily work, and for occasional users who play with Blender and download files. And it could work for the TD to do massive data manipulations.

Needless to say: if you run a movie making bizz, you also will set up accounts and permissions in a way you protect valuable data. A user accidentally deleting every shot is not fun ever.

-Ton-

--------------------------------------------------------
Ton Roosendaal  -  ton at blender.org   -   www.blender.org
Chairman Blender Foundation - Producer Blender Institute
Entrepotdok 57A  -  1018AD Amsterdam  -  The Netherlands



On 5 Jun, 2013, at 17:29, Shrinidhi Rao wrote:

> Disabling the os module might cause a lot of problems. Pipeline and other batch
> scripts rely on it a lot.
> We also use a lot of absolute paths in our pipeline scripts since we move a
> lot of files across directories for version control, publishing to the
> next stage, import directories of the stages, etc., etc. Using relative
> paths causes a lot of problems here.
> A CLI option to disable all these security thingies would be a great boon if
> at all the security measures are implemented.
> 
> 
> On Wed, Jun 5, 2013 at 8:46 PM, Jason van Gumster <
> jason at handturkeystudios.com> wrote:
> 
>> 
>> Ton Roosendaal <ton at blender.org> wrote:
>> 
>>> Hi,
>>> 
>>>> Things
>>>> that we need to do are in the file manipulation range, such as moving or
>>>> renaming large numbers of files
>>> 
>>> Well, that you can do outside Blender via regular Python too?
>>> 
>>> Further - if we can make file manipulations in the UI work sane/safe (and
>>> usable still), the hacked os module would just do same :) You will also
>>> define your own blends to be 'trusted' and allow scripts there to write
>>> anywhere you want (or not).
>>> 
>>> -Ton-
>> 
>> This is likely to be problematic. I know I've relied on the os module for a
>> number of my own internal scripts for pipeline as well as other tasks... and
>> not just for file I/O. For example, the subprocess library is likely a huge
>> security hole, but it's incredibly useful (almost required) for calling
>> programs that don't have a Python API (or only a python2 API). Sure, a lot of
>> these things could be done outside of Blender, but it's far more convenient to
>> have it inside... especially for external artists who don't roll their own
>> Blender.
>> 
>> In addition to my own esoteric scripts, I'd be curious about how this might
>> impact Import/Export scripts as well as external renderers.
>> 
>>  -Jason
>> _______________________________________________
>> Bf-committers mailing list
>> Bf-committers at blender.org
>> http://lists.blender.org/mailman/listinfo/bf-committers
>> 
> 
> 
> 
> -- 
> 
> regards
> - shrinidhi
> 
> 
> Even god fails to understand a human until his death!
> http://www.linkedin.com/in/shrinidhi666
> https://github.com/shrinidhi666
> 
> 
> 
> <http://www.imdb.com/name/nm3025616>


