[Bf-committers] Please turn off Auto Run Python Scripts by default
Chad Fraleigh
chadf at triularity.org
Fri Jun 7 00:09:45 CEST 2013
On Thu, Jun 6, 2013 at 11:13 AM, Campbell Barton <ideasman42 at gmail.com>wrote:
> On Thu, Jun 6, 2013 at 6:47 PM, Ton Roosendaal <ton at blender.org> wrote:
>
> > I think you give up too easily here. :) For example, we could also make
> a bpy.os module, and mark scripts that use this as 'trusted'. Scripts using
> the os.module itself then require a user to explicitly run it, or being
> embedded in a file marked trusted (own files etc).
>
> You know I already attempted this and have been shown by developers
> more expert in CPython internals then me, that CPython makes not
> effort to support such limitations and that is trivial to workaround
> them.
>
> You assume there is an effective way to control module importing (that
> we could even stop a script from using any of CPythons bundled modules
> - `os` included).
>
> I'd want good evidence this can be done, until someone shows this -
> I'll assume it can't.
>
>
https://pypi.python.org/pypi/pysandbox/ ?
More information about the Bf-committers
mailing list