[Bf-committers] Please turn off Auto Run Python Scripts by default

Campbell Barton ideasman42 at gmail.com
Thu Jun 6 20:13:59 CEST 2013


On Thu, Jun 6, 2013 at 6:47 PM, Ton Roosendaal <ton at blender.org> wrote:
> Hi,
>
> I think you give up too easily here. :) For example, we could also make a bpy.os module, and mark scripts that use this as 'trusted'. Scripts using the os.module itself then require a user to explicitly run it, or being embedded in a file marked trusted (own files etc).

You know I already attempted this and have been shown by developers
more expert in CPython internals than me, that CPython makes no
effort to support such limitations and that it is trivial to work around
them.

You assume there is an effective way to control module importing (that
we could even stop a script from using any of CPython's bundled modules
- `os` included).

I'd want good evidence this can be done, until someone shows this -
I'll assume it can't.

> This is not to forbid using os module, it's to not make such scripts run automatically.
>
> The main issue would be first to sanitize our non-python writing code, make sure this goes more secured and controlled. Once that's in place, scripters can use that as well, and get free support for the features we use in Blender C code all over as well.
>
> -Ton-

