[Bf-python] Security and the rexec module
Christian Plessl
plessl at tik.ee.ethz.ch
Mon May 19 11:12:49 CEST 2003
When reading through the discussions on Blender Python security, this came to
my mind; maybe this can be some inspiration:

It might help to look at Zope (http://www.zope.org) to see how Python
extensions can be safely allowed. Zope is a popular open-source web
application server that is implemented (mostly) in Python.

Applications in Zope can be implemented in various ways, 2 of them directly
use Python.

a) The first method is called 'Python Product'. These applications are written
in Python, and can run unrestricted, they can access the local filesystem,
network and so on.

b) The other method for implementing Zope applications in Python is called
python scripts. Python scripts can only access a very restricted set of
Python modules, they have no access to the filesystem, network and so on. If I
remember this correctly, there are also restrictions on the maximum amount of
memory consumption and runtime.

Maybe the python extensions for Blender can borrow some ideas from Zope, but
I'm not familiar with the way the Zope developers have implemented the 'safe
execution mode'.

Regards,
Christian
--
Christian Plessl <plessl at tik.ee.ethz.ch>
Computer Engineering and Networks Lab, ETH Zurich, Switzerland
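
The kind of restriction described under b), as an added example that is not part of the original post and is not Zope's or Blender's code: a static check that parses a submitted script and rejects imports outside an allowlist, plus names that reach the filesystem or interpreter internals. The allowlist, the blocked names, the underscore rule and both sample scripts are assumptions constructed for illustration; limits on memory and run time are not covered.

```python
import ast

# Assumed policy (not from the post): modules a restricted script may import.
ALLOWED_MODULES = {"math", "string", "random"}
# Assumed policy: builtins that open files, evaluate code or bypass attribute checks.
BLOCKED_NAMES = {"open", "file", "eval", "exec", "compile", "__import__",
                 "getattr", "setattr", "globals", "locals", "vars"}

# Constructed sample scripts.
SAFE = "import math\nradius = 2.0\narea = math.pi * radius ** 2\n"
UNSAFE = "import os\nf = open('notes.txt')\nkind = f.__class__\n"


def check_script(source):
    """Return sorted (line, reason) policy violations; an empty list means accepted."""
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        return [(exc.lineno or 0, "syntax error: %s" % exc.msg)]
    problems = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                # Compare the top-level package, so "os.path" is judged as "os".
                if alias.name.split(".")[0] not in ALLOWED_MODULES:
                    problems.append((node.lineno, "import of %s" % alias.name))
        elif isinstance(node, ast.ImportFrom):
            root = (node.module or "").split(".")[0]
            # Relative imports (level > 0) are refused outright.
            if node.level or root not in ALLOWED_MODULES:
                problems.append((node.lineno, "import from %s" % (node.module or ".")))
        elif isinstance(node, ast.Attribute) and node.attr.startswith("_"):
            problems.append((node.lineno, "underscore attribute %s" % node.attr))
        elif isinstance(node, ast.Name) and (
                node.id in BLOCKED_NAMES or node.id.startswith("_")):
            problems.append((node.lineno, "blocked name %s" % node.id))
    return sorted(problems)


if __name__ == "__main__":
    for label, script in (("SAFE", SAFE), ("UNSAFE", UNSAFE)):
        result = check_script(script)
        print(label, "accepted" if not result else result)
```

A check like this only decides whether a script is accepted; it does not confine the script once it runs, so it is one layer next to restricted builtins and resource limits.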