[Bf-committers] Please turn off Auto Run Python Scripts by default

Jürgen Herrmann shadowrom at me.com
Fri Jun 7 13:59:49 CEST 2013 

Hi Ton,

Comments inline ;)

Am 07.06.2013 um 13:12 schrieb Ton Roosendaal <ton at blender.org>:

> Hi all Pythoneers,
> 
> Scripters are important for Blender, but just like the C developers they have a responsibility for users out there. A good proposal for security has to come from you as experts first

Sure but what if these scripters want do develop malicious code?
We can't protect our users from those.
We could try to implement a script signing authority for secure scripts though. But this a bit bloated IMHO ;)

> If this discussion just leads to marking every idea as impossible (Python is insecure by design) then we should have a big problem with keeping Python in Blender. Fork it, sandbox it, or move to LUA.
> 
I would appreciate a move to Lua, it's my personal favorite scripting language, but...
All these useful and great scripts out there will have to be recoded. This will bring us the wrath of users and script coders.

> Let it be clear: we're making Blender here, which is meant to be a 3D creation tool. It's not a Python development environment. Users come first, scripters and coders second. So... stop being smartasses and think constructive a bit.
> 
Good point!

> -Ton-
> 
> --------------------------------------------------------
> Ton Roosendaal  -  ton at blender.org   -   www.blender.org
> Chairman Blender Foundation - Producer Blender Institute
> Entrepotdok 57A  -  1018AD Amsterdam  -  The Netherlands
> 
> 
> 
> On 7 Jun, 2013, at 12:08, Domino Marama wrote:
> 
>> On 06/07/2013 10:21 AM, Ton Roosendaal wrote:
>>> Hi Campbell,
>>> 
>>> I don't know enough about Python internals, so I depend on someone to help designing a sane way to handle security risks here. There must be ways we can help users?
>>> 
>>> Look for example at the standard UI scripts. Apart from 1 case, there's no "import os" anywhere. Same goes for essential scripts riggers or animators use.
>>> 
>>> So, why not add a provision in Blender code to check on such cases. Just don't allow import of any module = safe script? In all other cases: needs to be explicitly permitted to run. 
>>> 
>>> Something like this would make a "trusted source" option on file loading more useful. Right now, unticking "trusted source" is almost equivalent to "disable useful features".
>>> 
>>> 
>>>>> oh = 'SOS HELP!'
>>>>> ohoh = __import__(oh[1:3].lower())
>>>>> ohoh
>> <module 'os' from
>> '/home/domino/Applications/blender-2.67-linux-glibc211-x86_64/2.67/python/lib/python3.3/os.py'>
>> 
>> On Linux distros where system Python is used, I doubt anything can be
>> done to prevent the import function from being used.
>> 
>> Load Blender with a console, check there's the startup message on it.
>> Then paste this into say the frame number field..
>> 
>> eval("__import__('os').system('clear')", {})
>> 
>> Now check console again.. Just checking scripts for imports isn't enough.
>> _______________________________________________
>> Bf-committers mailing list
>> Bf-committers at blender.org
>> http://lists.blender.org/mailman/listinfo/bf-committers
> 
> _______________________________________________
> Bf-committers mailing list
> Bf-committers at blender.org
> http://lists.blender.org/mailman/listinfo/bf-committers

More information about the Bf-committers mailing list