[Bf-committers] Python security - proposal

Ton Roosendaal ton at blender.org
Sun Jun 9 15:02:37 CEST 2013

Hi all,

Back to practical solutions we can work on for the next release!
Here's a proposal I think has a wide consensus:

1) "Trusted source" for autorun scripts gets default disabled.

2) On loading a .blend with autorun script, we notify a user of that. How that UI will work exactly has a number of solutions we can investigate further. I suggest Campbell to investigate it and test some ideas and propose that here.

The above should be a real 2.68 target. 
Further actions we can take:

3) Implement a friendly (easy to use) way for marking/defining .blend files to be always be trusted. Also here a number of solutions are possible, like preset directories for where such files are located, or a way to sign personally saved files. Or both.

I propose Campbell to investigate that further too with some people and come with a final proposal for it.

4) Cleanup Blender file writing code itself as well. Like stop using /tmp for files, and enforce relative paths for (automatic) output file writing.

5) Figure out if there's any way to detect malicious scripts...

6) Kick Python.org and/or support the PyPy project to get 3.x Python secured somehow.


Ton Roosendaal  -  ton at blender.org   -   www.blender.org
Chairman Blender Foundation - Producer Blender Institute
Entrepotdok 57A  -  1018AD Amsterdam  -  The Netherlands

More information about the Bf-committers mailing list