[Bf-committers] Please turn off Auto Run Python Scripts by default

Ton Roosendaal ton at blender.org
Fri Jun 7 11:21:18 CEST 2013 

Hi Campbell,

I don't know enough about Python internals, so I depend on someone to help designing a sane way to handle security risks here. There must be ways we can help users?

Look for example at the standard UI scripts. Apart from 1 case, there's no "import os" anywhere. Same goes for essential scripts riggers or animators use.

So, why not add a provision in Blender code to check on such cases. Just don't allow import of any module = safe script? In all other cases: needs to be explicitly permitted to run. 

Something like this would make a "trusted source" option on file loading more useful. Right now, unticking "trusted source" is almost equivalent to "disable useful features".

-Ton-

--------------------------------------------------------
Ton Roosendaal  -  ton at blender.org   -   www.blender.org
Chairman Blender Foundation - Producer Blender Institute
Entrepotdok 57A  -  1018AD Amsterdam  -  The Netherlands



On 6 Jun, 2013, at 20:13, Campbell Barton wrote:

> On Thu, Jun 6, 2013 at 6:47 PM, Ton Roosendaal <ton at blender.org> wrote:
>> Hi,
>> 
>> I think you give up too easily here. :) For example, we could also make a bpy.os module, and mark scripts that use this as 'trusted'. Scripts using the os.module itself then require a user to explicitly run it, or being embedded in a file marked trusted (own files etc).
> 
> You know I already attempted this and have been shown by developers
> more expert in CPython internals then me, that CPython makes not
> effort to support such limitations and that is trivial to workaround
> them.
> 
> You assume there is an effective way to control module importing (that
> we could even stop a script from using any of CPythons bundled modules
> - `os` included).
> 
> I'd want good evidence this can be done, until someone shows this -
> I'll assume it can't.
> 
>> This is not to forbid using os module, it's to not make such scripts run automatic.
>> 
>> The main issue would be first to sanitize our non-python writing code, make sure this goes more secured and controlled. Once that's in place, scripters can use that as well, and get free support for the features we use in Blender C code all over as well.
>> 
>> -Ton-
> _______________________________________________
> Bf-committers mailing list
> Bf-committers at blender.org
> http://lists.blender.org/mailman/listinfo/bf-committers

More information about the Bf-committers mailing list