Hi Campbell, I don't know enough about Python internals, so I depend on someone to help designing a sane way to handle security risks here. There must be ways we can help users?
Look for example at the standard UI scripts. Apart from 1 case, there's no "import os" anywhere. Same goes for essential scripts riggers or animators use. So, why not add a provision in Blender code to check on such cases. Just don't allow import of any module = safe script? In all other cases: needs to be explicitly permitted to run. Something like this would make a "trusted source" option on file loading more useful. Right now, unticking "trusted source" is almost equivalent to "disable useful features". -Ton- -------------------------------------------------------- Ton Roosendaal - [email protected] - www.blender.org Chairman Blender Foundation - Producer Blender Institute Entrepotdok 57A - 1018AD Amsterdam - The Netherlands On 6 Jun, 2013, at 20:13, Campbell Barton wrote: > On Thu, Jun 6, 2013 at 6:47 PM, Ton Roosendaal <[email protected]> wrote: >> Hi, >> >> I think you give up too easily here. :) For example, we could also make a >> bpy.os module, and mark scripts that use this as 'trusted'. Scripts using >> the os.module itself then require a user to explicitly run it, or being >> embedded in a file marked trusted (own files etc). > > You know I already attempted this and have been shown by developers > more expert in CPython internals then me, that CPython makes not > effort to support such limitations and that is trivial to workaround > them. > > You assume there is an effective way to control module importing (that > we could even stop a script from using any of CPythons bundled modules > - `os` included). > > I'd want good evidence this can be done, until someone shows this - > I'll assume it can't. > >> This is not to forbid using os module, it's to not make such scripts run >> automatic. >> >> The main issue would be first to sanitize our non-python writing code, make >> sure this goes more secured and controlled. Once that's in place, scripters >> can use that as well, and get free support for the features we use in >> Blender C code all over as well. >> >> -Ton- > _______________________________________________ > Bf-committers mailing list > [email protected] > http://lists.blender.org/mailman/listinfo/bf-committers _______________________________________________ Bf-committers mailing list [email protected] http://lists.blender.org/mailman/listinfo/bf-committers
