[Bf-committers] Please turn off Auto Run Python Scripts by default
Campbell Barton
ideasman42 at gmail.com
Fri Jun 7 01:47:03 CEST 2013
On Fri, Jun 7, 2013 at 8:09 AM, Chad Fraleigh <chadf at triularity.org> wrote:
> On Thu, Jun 6, 2013 at 11:13 AM, Campbell Barton <ideasman42 at gmail.com>wrote:
>
>> On Thu, Jun 6, 2013 at 6:47 PM, Ton Roosendaal <ton at blender.org> wrote:
>>
>
>
>> > I think you give up too easily here. :) For example, we could also make
>> a bpy.os module, and mark scripts that use this as 'trusted'. Scripts using
>> the os.module itself then require a user to explicitly run it, or being
>> embedded in a file marked trusted (own files etc).
>>
>> You know I already attempted this and have been shown by developers
>> more expert in CPython internals then me, that CPython makes not
>> effort to support such limitations and that is trivial to workaround
>> them.
>>
>> You assume there is an effective way to control module importing (that
>> we could even stop a script from using any of CPythons bundled modules
>> - `os` included).
>>
>> I'd want good evidence this can be done, until someone shows this -
>> I'll assume it can't.
>>
>>
> https://pypi.python.org/pypi/pysandbox/ ?
Yep, I'm aware of this however it's more on experimental level from
what I can tell.
It requires a patched CPython, since the requested pep-416 was
rejected by Guido.
The main issue with pysandbox is that CPython are not maintaining, and
changes to CPython may break it, if it was more actively
used/maintained (as with stackless-python), then it would be more
reassuring but the project isn't that active so relying on it as a
long term plan isn't wise IMHO.
--
- Campbell
More information about the Bf-committers
mailing list