[Bf-committers] Do drivers have to be blocked as python scripts?
j.wielicki at sotecware.net
Fri May 23 13:58:33 CEST 2014
On 23.05.2014 13:53, Greg Zaal wrote:
> Another silly idea: what if we leave this feature on, but only for paths
> that include the word "download" in addition to the user-defined folders in
> the preferences?
> Or keep a history of trusted authors (computer name or ip) and check if the
> author of a blend has been trusted before?
Think of a path like "download/../". This issue canont be fixed
trivially. You cannot sandbox Python easily. The only way out of that
mess would be for render farms to, e.g. put the render in some LXC (or
other) container and deny it network access. Burn down the container
after the work is done and you’re quite safe.
This is nothing blender can fix. It is a kind of a limitation of the
python language (note that PyPy, for example, offers ways to allow
sandboxing, but many libraries won’t work with PyPy and embedding is
totally different, so I assume that blender won’t move to PyPy in the
disclaimer: not a blender developer. just my five cents.
> On 23 May 2014 13:43, Tobias Kummer <supertoilet at gmx.net> wrote:
>> Had the same problem here with the #frame driver in the Cycles seed
>> value. Renderfarm just ignored it, and I only noticed it after
>> On Fri May 23 12:26:46 2014, Paolo Acampora wrote:
>>> This is an issue at our studio as well, I don't see any rationale in
>>> overly security concerns, it just prevents you to work.
>>> 2014-05-23 12:06 GMT+02:00 Vilem Novak <pildanovak at post.cz>:
>>>> I realize how important is the security when .blend files are
>>>> but I thought, is there a way to exclude drivers from the relatively new
>>>> strict blocking mechanism?
>>>> To me as animator, it caused allready many problems.
>>>> Last is ruining several days of rendertime on a renderfarm which has
>>>> blocked(as is by default!). Actually, it happened to me allready several
>>>> times- setting up renders, render nodes, and forgetting about some
>>>> and the new feature.
>>>> I realized so far none of the crowd-render farms for blender don't
>>>> scripts on (sheepit, burp). That it of course a logical choice.
>>>> So the idea is - can there be some check to determine if a driver is
>>>> actually a python script? If it's using any commands, and not only
>>>> / logical operators? And then, could such simple drivers be enabled?
>>>> It would really save my life very often. Now I have to write a script
>>>> bakes all drivers before sending file to render farm...
>>>> Bf-committers mailing list
>>>> Bf-committers at blender.org
>> Bf-committers mailing list
>> Bf-committers at blender.org
> Bf-committers mailing list
> Bf-committers at blender.org
More information about the Bf-committers