[Bf-python] Security and the rexec module

Willian Padovani Germano wgermano at ig.com.br
Tue May 20 06:17:21 CEST 2003


On Mon, 2003-05-19 at 06:12, Christian Plessl wrote:
> When reading through the discussions on Blender Python security, this came to 
> my mind, maybe this can be some inspiration:
> 
> It might help to look at Zope (http://www.zope.org) to see how Python
> extensions can be safely allowed. Zope is a popular open-source web
> application server that is implemented (mostly) in Python.

You're right, Christian, Zope is a good place to look, even if the
solution is written in Python.  As Guignot pointed out, we can use Python
solutions.

We may end up having to parse each script, when in safe mode, and block
attempts to import forbidden modules, attempts to write or read data to
specific places, etc.  Though this can degenerate to that boring cat vs.
mouse game, since strings can be generated and executed with eval(),
making code harder to parse (then we block eval(), then ... ?).

--
Willian, wgermano at ig.com.br
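
The parse-and-block check discussed in the message above, as an added example that is not part of the original post or of Blender's code. It uses Python's standard `ast` module to flag forbidden imports, and it shows the limit the message raises: a module name built from strings is invisible to the parser, so only the `eval()` call itself can be flagged. The module list, the function name `audit_script` and the sample script are assumptions made for illustration.

```python
import ast

# Assumed policy for illustration; the message does not name specific modules.
FORBIDDEN_MODULES = {"os", "subprocess", "socket"}
# Built-ins that run code assembled at run time, which static parsing cannot follow.
DYNAMIC_CALLS = {"eval", "exec", "compile", "__import__"}


def audit_script(source):
    """Return a sorted list of (line, finding) tuples for a script's source text."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            names = [node.module or ""]  # module is None for "from . import x"
        else:
            names = []
        for name in names:
            # Compare the top-level package so "os.path" is caught as "os".
            if name.split(".")[0] in FORBIDDEN_MODULES:
                findings.append((node.lineno, "import " + name))
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in DYNAMIC_CALLS):
            findings.append((node.lineno, "dynamic call " + node.func.id + "()"))
    return sorted(findings)


# Constructed sample script (never executed here, only parsed).
SAMPLE = '''import math
import os.path
from subprocess import call
name = "o" + "s"
mod = eval("__import__(name)")
'''

if __name__ == "__main__":
    for line, finding in audit_script(SAMPLE):
        print("line %d: %s" % (line, finding))
```

The checker reports line 5 only because `eval` appears by name; the string passed to it, and the module it resolves to, are never seen, which is why a safe mode built this way has to refuse dynamic execution outright rather than try to inspect it.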