[Bf-committers] Python security - proposal

Campbell Barton ideasman42 at gmail.com
Mon Jun 10 03:13:06 CEST 2013


On Mon, Jun 10, 2013 at 5:07 AM, Jochen Schmitt <Jochen at herr-schmitt.de> wrote:
> On Sun, Jun 09, 2013 at 03:02:37PM +0200, Ton Roosendaal wrote:
>
>> 1) "Trusted source" for autorun scripts gets default disabled.
>>
>> 2) On loading a .blend with autorun script, we notify a user of that. How that UI will work exactly has a number of solutions we can investigate further. I suggest Campbell to investigate it and test some ideas and propose that here.
>>
>
> I want to make the following suggestion:
>
> We should introduce a second suffix for .blend files called .blendm.
>
> The differences between .blend and .blendm should be the following:
>
> On .blend files the execution of python scripts is generally disallowed.
>
> .blendm files can contain executable python scripts.
>
> So we have the following advantages:
>
> 1.) The user can distinguish between .blend files with and without Python scripts.
>
> 2.) Firewalls may be able to filter .blend files with Python scripts for security reasons.
>
> 3.) We need no special UI for opening .blend files, as opposed to Ton's suggestion.
>
> You can find a similar solution in the office products of a well-known software
> company.
>
> Of course we may implement an infrastructure for signing .blendm files to
> mark them as trustworthy in a second step.
>
> Best Regards:
>
> Jochen Schmitt

Don't think this would work that well.

Renaming files to denote some internal detail would get annoying -
consider you add a driver - the file gets renamed, you remove the driver - it's
renamed back.
Such changes for version control can be a bit of a hassle, further, if
you have inter-linking blend files it would be even more of a pain...
(ok, you could check for multiple file extensions but this starts to
be complicated - what if both exist?).
Likely people working on projects would just call all their files
blendm to avoid thrashing.

Also blend files can link in other files so you might think a file is
not running scripts but it links in other data in a subdirectory that
does.

-- 
- Campbell

