Hi Ton,
Comments inline ;)
Am 07.06.2013 um 13:12 schrieb Ton Roosendaal <t...@blender.org>:
> Hi all Pythoneers,
>
> Scripters are important for Blender, but just like the C developers they have
> a responsibility for users out there. A good proposal for security has to
> come from you as experts first
Sure but what if these scripters want do develop malicious code?
We can't protect our users from those.
We could try to implement a script signing authority for secure scripts though.
But this a bit bloated IMHO ;)
> If this discussion just leads to marking every idea as impossible (Python is
> insecure by design) then we should have a big problem with keeping Python in
> Blender. Fork it, sandbox it, or move to LUA.
>
I would appreciate a move to Lua, it's my personal favorite scripting language,
but...
All these useful and great scripts out there will have to be recoded. This will
bring us the wrath of users and script coders.
> Let it be clear: we're making Blender here, which is meant to be a 3D
> creation tool. It's not a Python development environment. Users come first,
> scripters and coders second. So... stop being smartasses and think
> constructive a bit.
>
Good point!
> -Ton-
>
> --------------------------------------------------------
> Ton Roosendaal - t...@blender.org - www.blender.org
> Chairman Blender Foundation - Producer Blender Institute
> Entrepotdok 57A - 1018AD Amsterdam - The Netherlands
>
>
>
> On 7 Jun, 2013, at 12:08, Domino Marama wrote:
>
>> On 06/07/2013 10:21 AM, Ton Roosendaal wrote:
>>> Hi Campbell,
>>>
>>> I don't know enough about Python internals, so I depend on someone to help
>>> designing a sane way to handle security risks here. There must be ways we
>>> can help users?
>>>
>>> Look for example at the standard UI scripts. Apart from 1 case, there's no
>>> "import os" anywhere. Same goes for essential scripts riggers or animators
>>> use.
>>>
>>> So, why not add a provision in Blender code to check on such cases. Just
>>> don't allow import of any module = safe script? In all other cases: needs
>>> to be explicitly permitted to run.
>>>
>>> Something like this would make a "trusted source" option on file loading
>>> more useful. Right now, unticking "trusted source" is almost equivalent to
>>> "disable useful features".
>>>
>>>
>>>>> oh = 'SOS HELP!'
>>>>> ohoh = __import__(oh[1:3].lower())
>>>>> ohoh
>> <module 'os' from
>> '/home/domino/Applications/blender-2.67-linux-glibc211-x86_64/2.67/python/lib/python3.3/os.py'>
>>
>> On Linux distros where system Python is used, I doubt anything can be
>> done to prevent the import function from being used.
>>
>> Load Blender with a console, check there's the startup message on it.
>> Then paste this into say the frame number field..
>>
>> eval("__import__('os').system('clear')", {})
>>
>> Now check console again.. Just checking scripts for imports isn't enough.
>> _______________________________________________
>> Bf-committers mailing list
>> Bf-committers@blender.org
>> http://lists.blender.org/mailman/listinfo/bf-committers
>
> _______________________________________________
> Bf-committers mailing list
> Bf-committers@blender.org
> http://lists.blender.org/mailman/listinfo/bf-committers
_______________________________________________
Bf-committers mailing list
Bf-committers@blender.org
http://lists.blender.org/mailman/listinfo/bf-committers
