On Wed, Jun 5, 2013 at 5:38 AM, Brecht Van Lommel <brechtvanlom...@pandora.be> wrote:
> On Tue, Jun 4, 2013 at 7:58 PM, David Jeske <dav...@gmail.com> wrote:
>> The decision at the time was that no, we do not. Also note that even
>>> disabling scripts does not make Blender secure, there's dozens of
>>> other ways to create malicious .blend files.
>>>
>>
>> What are the other "dozen" ways blender could
>> read/destroy/send-files-to-the-internet/install-viruses with python scripts
>> disabled?
>
> Some examples:
>
> * Animation rendering, compositor file output node, point caches, etc
>   all write to disk. When set to certain paths they can overwrite
>   important files.
> * Blend files can contain user preferences and those will be loaded
>   automatically.
> * Keyboard shortcuts can be bound to arbitrary operators which can be
>   used to do pretty much anything.
> * We don't generally keep up with the latest security fixes for jpg,
>   png, .. libraries.
> * Auto Start for games.
> * Specially crafted screen setup so user executes code in the python
>   console editor without noticing.
> * Buffer overflows are easy to achieve with the current .blend file
>   reading code.
>
> Scripts of course make it easier, but even without that it's still
> fairly easy to do damage.
>
> Brecht.

Checked over these items, and from what I can tell, disabling `Trusted Source` on load still works well to ensure arbitrary scripts contained within the blend file don't run - BGE autostart also respects this option.

Even tricking the user into using the python console would require some user interaction.

Loading user preferences is a bit of a worry, but even in this case I couldn't get a script to auto-execute on startup since it doesn't save drivers/text to that file. However, if the user assumes running scripts is disabled in the preferences, a blend file manages to enable this, then they load a second blend --- it could be used to trick the user into running scripts still.

And of course with buffer overflows all bets are off, but this is also a lot more involved than simply adding a python script to a blend file and telling it to run, which is the case we wanted the `Trusted Source` option to deal with.

--
- Campbell
_______________________________________________
Bf-committers mailing list
Bf-committers@blender.org
http://lists.blender.org/mailman/listinfo/bf-committers