isnt using a computer itself a risk ?! . why not just disable the net and other out worldly connections to the comp . ? y do we want to use a hard disk? ..isnt it possible that some app will always overwrite our data? we might even format it by mistake!!!! .
i would prefer usability rather than some closed and difficult to implement software thats marketed as psychologically "secure" like windows OS! . people who are concerned about security using any software shouldn't use computers itself ! .. its simple . I wouldnt want people in a studio to always click a few extra buttons and forget sometimes and cause havoc on scenes while rendering , and spend a day trying to find out the problem! * pop ups are "not" an option during command line batching operations . Since there is an CLI option to enable and disable a script . it makes sense to disable it by default and people using it in studios can target blender to start with the "autorun enabled" option . provided the change is propagated to all blender users in some way so they remember the change :) . why complicate it with GUI popups? :( . and the only software that is safe is the one that does "nothing" . "security" is a user side issue . users should be informed and educated. any user who is dumb enough to turn a blind eye towards it and gets into trouble deserves it . because a software cannot provide security to all users . if it does that .. it does nothing! . On Wed, Jun 5, 2013 at 4:28 AM, Yu Asakusa <[email protected]> wrote: > Thank you for the list of potential risks. I cannot judge how > difficult it is to solve all of them and make it safe for a user to > open an untrusted blend file, but it seems it is much harder than I > expected. > > If it is too hard, do you think it is easier to better communicate to > users that opening an untrusted blend file in Blender is a dangerous > operation? > > As the community of Blender grows, it seems that more and more people > are downloading blend files made by someone they do not know, and this > trend is likely to continue. Many users reasonably expect that “just” > opening a blend file is a safe operation, unlike opening an executable > file. The security problem here is the mismatch between user’s > expectation and the actual behavior rather than the behavior itself. > I hoped the actual behavior could be changed to match user’s > expectation, but now I am less hopeful (although from Campbell > Barton’s reply it seems all hope is not lost). Then changing user’s > expectation to match the reality might be an easier way to resolve > this mismatch. If users know they should handle downloaded blend > files just like downloaded executable files, this will no longer be a > vulnerability. > > On Tue, Jun 4, 2013 at 3:38 PM, Brecht Van Lommel > <[email protected]> wrote: > > On Tue, Jun 4, 2013 at 7:58 PM, David Jeske <[email protected]> wrote: > >> The decision at the time was that no, we do not. Also note that even > >>> disabling scripts does not make Blender secure, there's dozens of > >>> other ways to create malicious .blend files. > >>> > >> > >> What are the other "dozen" ways blender could > >> read/destroy/send-files-to-the-internet/install-viruses with python > scripts > >> disabled? > > > > Some examples: > > > > * Animation rendering, compositor file output node, point caches, etc > > all write to disk. When set to certain paths they can overwrite > > important files. > > * Blend files can contain user preferences and those will be loaded > > automatically. > > * Keyboard shortcuts can be bound to arbitrary operators which can be > > used to do pretty much anything. > > * We don't generally keep up with the latest security fixes for jpg, > > png, .. libraries. > > * Auto Start for games. > > * Specially crafted screen setup so user executes code in the python > > console editor without noticing. > > * Buffer overflows are easy to achieve with the current .blend file > > reading code. > > > > Scripts of course make it easier, but even without that it's still > > fairly easy to do damage. > > > > Brecht. > > _______________________________________________ > > Bf-committers mailing list > > [email protected] > > http://lists.blender.org/mailman/listinfo/bf-committers > _______________________________________________ > Bf-committers mailing list > [email protected] > http://lists.blender.org/mailman/listinfo/bf-committers > -- regards - shrinidhi Even god fails to understand a human until his death! http://www.linkedin.com/in/shrinidhi666 https://github.com/shrinidhi666 <http://www.imdb.com/name/nm3025616> _______________________________________________ Bf-committers mailing list [email protected] http://lists.blender.org/mailman/listinfo/bf-committers
