[Bf-committers] Please turn off Auto Run Python Scripts by default
Ton Roosendaal
ton at blender.org
Thu Jun 6 11:00:46 CEST 2013
Hi Jace,
I am not talking about your use case. You should be able to code whatever you like.
However, when it comes to the binaries and software we release for everyone, I expect developers to accept some responsibilities here.
We try to keep up with a high standard for C/C++ developers for Blender, and same would go for Python scripts we bundle with, and especially for how we provide facilities for running scripts for users who don't code Python.
-Ton-
--------------------------------------------------------
Ton Roosendaal - ton at blender.org - www.blender.org
Chairman Blender Foundation - Producer Blender Institute
Entrepotdok 57A - 1018AD Amsterdam - The Netherlands
On 5 Jun, 2013, at 21:21, Jace Priester wrote:
> Another +1 for not changing the OS module, or anything else for that
> matter. I use lots of python system-related modules, including OS, in my
> import/export/interop pipeline. If it is broken I will most likely not be
> using blender anymore (seriously).
>
> Additionally, I don't believe security in blend files is an issue anyway.
> If you have accepted a file from an untrusted source and opened it, YOU are
> the security risk, not the program you opened it with. AVIs, DOCs, and
> various other data files have had and still do have security risks
> associated with them (whether internal scripts are allowed to run or not).
> This problem is certainly not unique to blend files, and certainly not due
> solely to the fact that blender allows python scripts to run. This is a
> non-issue.
>
> The "Trusted Source" checkbox is a nice feature, I guess, but realistically
> I've never used it because I want all blends to open and work as intended
> by the creator. If I think it might be a malicious file, I don't accept it
> in the first place. That's where security starts, and ultimately ends.
>
>
> On Wed, Jun 5, 2013 at 10:55 AM, Campbell Barton <ideasman42 at gmail.com>wrote:
>
>> Hacked os module isn't really an option, Python uses this for its
>> internal operations all over the place - a lot of python modules are
>> written in Python so these would break.
>>
>> In python3.3 module dir...
>> find -name "*.py" | xargs grep "\bos\." | wc -l
>> --> 7833
>>
>> Attempting to let Python do its own thing but sandbox Blender scripts
>> also cant work well,
>>
>> In the BGE we did have some basic security (disable some modules &
>> open()... iirc),
>> But this is trivially easy to workaround - as in one line of python to
>> get access to the real modules/functions.
>>
>> The only way I could see this working would be to do this on a libc
>> level - replacing pythons own calls to open() / fopen() etc. But this
>> also gives high risk of breaking Python its self.
>> _______________________________________________
>> Bf-committers mailing list
>> Bf-committers at blender.org
>> http://lists.blender.org/mailman/listinfo/bf-committers
>>
>
>
>
> --
>
>
> --------------------------------------------------------------------------
> Jace Priester
> Threespace Imaging
> jacepriester at threespaceimaging.com
> 559-284-0904
> --------------------------------------------------------------------------
> _______________________________________________
> Bf-committers mailing list
> Bf-committers at blender.org
> http://lists.blender.org/mailman/listinfo/bf-committers
More information about the Bf-committers
mailing list