[Bf-committers] Please turn off Auto Run Python Scripts by default

Jakub Zolcik j.zolcik at allblue.pl
Fri Jun 7 11:41:07 CEST 2013


Hi,

Besides making Blender safer I think it is also important to make users 
"more" self-aware of risks.

Two humble propositions:
- first run splash screen with something like: "Thank you for choosing 
Blender. Beware of evil .blend files from unauthorised sources.".
- small info "beware of .blend files from unauthorised sources" (under 
"open" button) when opening files with checkbox "don't show anymore"

/Kuba

On 2013-06-07 11:21, Ton Roosendaal wrote:
> Hi Campbell,
>
> I don't know enough about Python internals, so I depend on someone to help designing a sane way to handle security risks here. There must be ways we can help users?
>
> Look for example at the standard UI scripts. Apart from 1 case, there's no "import os" anywhere. Same goes for essential scripts riggers or animators use.
>
> So, why not add a provision in Blender code to check on such cases. Just don't allow import of any module = safe script? In all other cases: needs to be explicitly permitted to run.
>
> Something like this would make a "trusted source" option on file loading more useful. Right now, unticking "trusted source" is almost equivalent to "disable useful features".
>
> -Ton-
>
> --------------------------------------------------------
> Ton Roosendaal  -  ton at blender.org   -   www.blender.org
> Chairman Blender Foundation - Producer Blender Institute
> Entrepotdok 57A  -  1018AD Amsterdam  -  The Netherlands
>
>
>
> On 6 Jun, 2013, at 20:13, Campbell Barton wrote:
>
>> On Thu, Jun 6, 2013 at 6:47 PM, Ton Roosendaal <ton at blender.org> wrote:
>>> Hi,
>>>
>>> I think you give up too easily here. :) For example, we could also make a bpy.os module, and mark scripts that use this as 'trusted'. Scripts using the os.module itself then require a user to explicitly run it, or being embedded in a file marked trusted (own files etc).
>> You know I already attempted this and have been shown by developers
>> more expert in CPython internals than me, that CPython makes no
>> effort to support such limitations and that it is trivial to work around
>> them.
>>
>> You assume there is an effective way to control module importing (that
>> we could even stop a script from using any of CPython's bundled modules
>> - `os` included).
>>
>> I'd want good evidence this can be done, until someone shows this -
>> I'll assume it can't.
>>
>>> This is not to forbid using os module, it's to not make such scripts run automatically.
>>>
>>> The main issue would be first to sanitize our non-python writing code, make sure this goes more secured and controlled. Once that's in place, scripters can use that as well, and get free support for the features we use in Blender C code all over as well.
>>>
>>> -Ton-
>> _______________________________________________
>> Bf-committers mailing list
>> Bf-committers at blender.org
>> http://lists.blender.org/mailman/listinfo/bf-committers

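Ton's proposal in the quoted message (auto-run only scripts that import nothing, everything else needs explicit permission), sketched as an added example; it is not Blender code and not written by anyone in this thread. The function names, the `DYNAMIC_NAMES` list and the sample scripts are assumptions of the example, and in line with Campbell's objection it only decides whether to prompt the user, it is not a sandbox.

```python
import ast

# Names that evaluate code or reach the import machinery without an
# `import` statement. This list is an assumption of the example.
DYNAMIC_NAMES = {"__import__", "eval", "exec", "compile", "getattr",
                 "globals", "locals", "vars", "open", "__builtins__"}

def review_reasons(source):
    """Return the reasons a script must not auto-run (empty list: none found)."""
    try:
        tree = ast.parse(source)
    except (SyntaxError, ValueError) as exc:
        # Anything the parser rejects is never auto-run.
        return ["unparseable: %s" % exc.__class__.__name__]
    reasons = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            reasons += ["line %d: import %s" % (node.lineno, a.name)
                        for a in node.names]
        elif isinstance(node, ast.ImportFrom):
            reasons.append("line %d: from %s import"
                           % (node.lineno, node.module or "."))
        elif isinstance(node, ast.Name) and node.id in DYNAMIC_NAMES:
            reasons.append("line %d: dynamic name %s" % (node.lineno, node.id))
        elif isinstance(node, ast.Attribute) and node.attr.startswith("__"):
            reasons.append("line %d: dunder attribute %s"
                           % (node.lineno, node.attr))
    return reasons

def may_auto_run(source, file_trusted=False):
    """Auto-run only files the user marked trusted, or scripts with no findings."""
    return file_trusted or not review_reasons(source)

# Constructed sample scripts (not taken from any real .blend file).
SAMPLES = {
    "driver expression": "frame * 0.1 + sin(frame)",
    "plain import": "import os\nprint(os.getcwd())",
    "import without the statement": "mod = __import__(name)",
    "truncated text block": "x = (",
}

if __name__ == "__main__":
    for label, src in SAMPLES.items():
        verdict = "auto-run" if may_auto_run(src) else "ask user"
        print("%-30s %-9s %s" % (label, verdict, review_reasons(src)))
```

The third sample contains no `import` statement at all, so a check that only looks for `import` would pass it; here any finding means the script waits for explicit permission rather than being declared safe.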