On Wed, Mar 17, 2010 at 9:50 AM, Ton Roosendaal <t...@blender.org> wrote:
> Hi all,
>
> In past discussions I had the impression that Blender's Python cannot
> be simply sandboxed because python.org doesn't cooperate with it.
> Second reason was that Blender apparently is one of the few apps
> embedding Python on such a level.
>
> Philipp Guehring sent me these links and a suggestion:
>
> http://sayspy.blogspot.com/2007/05/i-have-finished-securing-python.html

This would mean we would have to distribute Blender with a totally limited Python; exporters and importers wouldn't work right. It also removes functions we're relying on for some 2.5 internals.

> http://people.cs.ubc.ca/~drifty/papers/python_security.pdf

Fairly easy to work around, edited namespace can be circumvented by...

    f = [ t for t in (1).__class__.__mro__[-1].__subclasses__() if t.__name__ == 'file'][0]('/some_file.txt', 'w')

> http://svn.python.org/view/python/branches/bcannon-objcap/

Apparently a proof-of-concept sandbox branch of Python; can't get info on this easily, looks to be 2 years old.

> http://codespeak.net/pypy/dist/pypy/doc/sandbox.html

PyPy can't be used since we rely on C/Python.

> http://lackingrhoticity.blogspot.com/2009/06/python-standard-library-in-native.html

Also can't be used because we need C/Python API.

>
> Perhaps a Google SoC project to secure Blender's Python could help here.
>
> -Ton-

I'm not interested in this for a few reasons...

* It's a lot of work; even Python guys have trouble doing this well, and there are way more Python developers than Blender's.
* If we had a totally sandboxed Python this would limit scripts to the point where scripts would not be able to do basic tasks (exporting, writing files etc).
* If people start running a sandboxed Blender this is a mode many scripts need to support, a little like we had with 2.4x where we would have to check if a full Python was installed, complain if it wasn't, tell them to install etc.

If this goes ahead I'd at least make sure it could be disabled at compile time, but I really prefer it doesn't.

_______________________________________________
Bf-committers mailing list
Bf-committers@blender.org
http://lists.blender.org/mailman/listinfo/bf-committers
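
The point made in the reply above about edited namespaces, as an added example that is not part of the original message or of Blender's code: with the builtins table emptied, the class hierarchy is still reachable from a literal, and a small AST check can flag that introspection chain when reviewing third-party scripts. The function names, the attribute set and the benign sample are assumptions of this example.

```python
import ast

# The one-liner quoted in the message, kept as text and only parsed, never run.
PAGE_SNIPPET = (
    "f = [ t for t in (1).__class__.__mro__[-1].__subclasses__() "
    "if t.__name__ == 'file'][0]('/some_file.txt', 'w')"
)
# Constructed sample: an ordinary exporter-style line with no introspection.
BENIGN_SNIPPET = "out = ['v %f %f %f' % tuple(v) for v in verts]"

# Attributes that walk from any object up to `object` and back down to every
# loaded class. This set is an assumption of the example, not a complete list.
INTROSPECTION_ATTRS = {"__class__", "__mro__", "__bases__", "__subclasses__"}


def classes_reachable_without_builtins():
    """Count classes reachable from the literal 1 when builtins are emptied.

    Only the read-only first half of the quoted chain is evaluated: it shows
    that deleting names from the namespace leaves the objects reachable.
    """
    stripped = {"__builtins__": {}}
    found = eval("(1).__class__.__mro__[-1].__subclasses__()", stripped)
    return len(found)


def flag_introspection(source):
    """Return the sorted introspection attributes a script touches.

    A review aid for third-party scripts; it is a lint heuristic, not a
    confinement boundary.
    """
    hits = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Attribute) and node.attr in INTROSPECTION_ATTRS:
            hits.add(node.attr)
    return sorted(hits)


if __name__ == "__main__":
    print("classes reachable with empty builtins:",
          classes_reachable_without_builtins())
    print("quoted one-liner:", flag_introspection(PAGE_SNIPPET))
    print("benign sample:   ", flag_introspection(BENIGN_SNIPPET))
```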