[Bf-committers] Please turn off Auto Run Python Scripts by default

Alberto Torres kungfoobar at gmail.com
Wed Jun 12 14:13:38 CEST 2013


A suggestion that hasn't been made before here (but it's related to the post
I'm replying to):

Hash all the potentially dangerous data (scripts, driver expressions,
anything that has python code) and store those hashes when the user chooses
to trust the .blend file. If someone heavily modifies Sintel to make a new
character but scripts remain untouched, when it's shared the scripts are
automatically trusted if the user has trusted them before.

DiThi


2013/6/12 Garrett Williams <questo at gmail.com>

> How about a script that automatically checks each script in the .blend when
> it opens, before auto-running scripts... but it ONLY pops up an alert if it
> detects suspicious code, any specific functions that wouldn't normally be
> needed in a .blend file or stand a good chance of messing things up.
> Hopefully it won't slow things down, and it can be easy to turn off.
> The key is fewer alerts so it's not as ignored, while also being automatic.
> If it detects something that warrants investigation, it can tell the user
> something like, "This script has the ability to control other programs (or
> send email, or delete files). Here is the code that does this. If this is
> not a function you expect, click here to deactivate it.". Something not too
> alarming in case it's nothing. More positive matches would outright be
> blocked.
>
> This will of course miss some things, especially early on (if there's
> anything to miss), but it'll catch more than what's caught now, especially
> anything obvious-but-buried-under-600-lines-of-code.
>
> I have a particular interest in security because I'm working on a variation
> of Blender that's specifically for presentations (using the game engine),
> and if Blender is being used like Powerpoint, it's likely to get malware
> like Powerpoint. I'm glad that this conversation is happening, and there
> might be some ideas that wouldn't work well for Blender but will be perfect
> for a more single-purpose program that doesn't need as much flexibility.
> More info on the presentation software is at http://blendshow.com (just to
> prevent questions that would bring this thread off-topic)
>
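
The hash-based trust idea from the reply at the top of this message, as an added example that is not part of the original thread and is not Blender code. The names `digest` and `TrustStore`, the `(kind, source)` item format and the JSON store are assumptions; extracting the code from a .blend file is out of scope, so constructed strings stand in for it.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def digest(kind: str, source: str) -> str:
    """SHA-256 over the item kind and its exact source text (no normalisation)."""
    h = hashlib.sha256()
    # Length-prefix the kind so ("ab", "c") and ("a", "bc") cannot collide.
    h.update(len(kind).to_bytes(4, "big") + kind.encode("utf-8"))
    h.update(source.encode("utf-8"))
    return h.hexdigest()

class TrustStore:
    """Hashes of code the user has already approved (hypothetical design)."""

    def __init__(self, path: Path):
        self.path = path
        self.hashes = set(json.loads(path.read_text())) if path.exists() else set()

    def untrusted(self, items):
        """Return the (kind, source) items whose hash was never approved."""
        return [(k, s) for k, s in items if digest(k, s) not in self.hashes]

    def may_autorun(self, items) -> bool:
        # Auto-run only when every piece of code in the file is already known.
        return not self.untrusted(items)

    def trust(self, items) -> None:
        """Record every item after the user chose to trust the file."""
        self.hashes.update(digest(k, s) for k, s in items)
        self.path.write_text(json.dumps(sorted(self.hashes)))

def demo():
    # Constructed sample data standing in for code pulled from .blend files.
    rig = ("script", "print('rig ui loaded')\n")
    drv = ("driver", "sin(frame / 10)")
    original = [rig, drv]
    remix = [rig, drv]                       # new character, scripts untouched
    tampered = [("script", rig[1] + "import os\n"), drv]
    with tempfile.TemporaryDirectory() as d:
        store = TrustStore(Path(d) / "trusted.json")
        before = store.may_autorun(original)          # nothing approved yet
        store.trust(original)
        reloaded = TrustStore(Path(d) / "trusted.json")   # survives a restart
        return (before, reloaded.may_autorun(remix),
                reloaded.may_autorun(tampered), reloaded.untrusted(tampered))
```

Trust here attaches to content rather than to a file name, so a single changed byte in any script or driver expression sends the file back to the user for review.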

