brYes, that would be one way to do it. Perhaps a render appliance.
Well this has some disadvantages, first, larger memory consumption, second,br
this is possible if you set up your own renderfarm. If you set up your own
renderfarm, then you don'tbrneed to worry about security from your own
Am 06.06.2014 18:16, schrieb Vilem Novak:
...like restarting the discussion, which already came to some conclusions.
And in what direction did that conclusion point?
IMHO the strength of Blender is to be an open and powerful tool.
We should concentrate on that.
If someone else wants to start
In my experience non techy people will happily ignore the little
warning we have (happens over and over to my clients and coworkers). I
propose making a blocking popup like this:
This file contains drivers and python scripts that have been disabled
for security reasons.
* Continue with disabled
Rather than trying to sandbox python or limit functionality, why not just
sandbox the environment blender is running in? One could set up a render
server which clones a previously set up user with all the necessary
software installed in the user's path and setroot it so it can't touch
anything
That sounds like a VM to me?
Daniel Salazar
patazstudio.com
On Thu, Jun 5, 2014 at 1:07 AM, Dahlia Trimble dahliatrim...@gmail.com wrote:
Rather than trying to sandbox python or limit functionality, why not just
sandbox the environment blender is running in? One could set up a render
server
Yes, that would be one way to do it. Perhaps a render appliance.
On Thu, Jun 5, 2014 at 12:29 AM, Daniel Salazar - patazstudio.com
zan...@gmail.com wrote:
That sounds like a VM to me?
Daniel Salazar
patazstudio.com
On Thu, Jun 5, 2014 at 1:07 AM, Dahlia Trimble dahliatrim...@gmail.com
As an outcome of the discussion,
I added a point in the wiki TODO, section render:
http://wiki.blender.org/index.php/Dev:2.5/Source/Development/Todo/Render
Don't render and warn when a driver or pre-render script can't be executed,
a texture is missing,
physics are not baked. Needed e.g. when
On Sat, May 24, 2014 at 7:21 AM, Chad Fraleigh ch...@triularity.org wrote:
Just wondering.. has anyone out there wrote a python interpreter *in*
python that has security/sandbox functionality/hooks? Then it could offer
the option (as another user selectable security level) of secure but
slow,
This has been tried several times, and always proven breakable by
malicious code. Python is not designed for this, people always found
ways to escape from the “jail”.
On 25/05/2014 10:19, Chad Fraleigh wrote:
On Sun, May 25, 2014 at 12:34 AM, Campbell Barton ideasma...@gmail.comwrote:
On Sat,
On Sun, May 25, 2014 at 6:19 PM, Chad Fraleigh ch...@triularity.org wrote:
On Sun, May 25, 2014 at 12:34 AM, Campbell Barton ideasma...@gmail.comwrote:
On Sat, May 24, 2014 at 7:21 AM, Chad Fraleigh ch...@triularity.org wrote:
Just wondering.. has anyone out there wrote a python interpreter
If I understand the outcome of this discussion right:
Sandboxing of python in general isn't functional and is too complicated.
After reading all of the possible solutions, there are 2 which I seem to be
reasonable:
1.Do not render when some drivers in the scene/linked data can not be
executed.
On Sun, May 25, 2014 at 7:54 PM, Vilem Novak pildano...@post.cz wrote:
If I understand the outcome of this discussion right:
Sandboxing of python in general isn't functional and is too complicated.
After reading all of the possible solutions, there are 2 which I seem to be
reasonable:
1.Do
Hello,
I realize how important is the security when .blend files are distributed,
but I thought, is there a way to exclude drivers from the relatively new
strict blocking mechanism?
To me as animator, it caused allready many problems.
Last is ruining several days of rendertime on a renderfarm
This is an issue at our studio as well, I don't see any rationale in these
overly security concerns, it just prevents you to work.
2014-05-23 12:06 GMT+02:00 Vilem Novak pildano...@post.cz:
Hello,
I realize how important is the security when .blend files are distributed,
but I thought, is
Had the same problem here with the #frame driver in the Cycles seed
value. Renderfarm just ignored it, and I only noticed it after
rendering.
On Fri May 23 12:26:46 2014, Paolo Acampora wrote:
This is an issue at our studio as well, I don't see any rationale in these
overly security concerns,
I think most of us can agree this is an annoying feature, but if it were to
be removed now, some nasty folks might take it as an invitation.
I don't like this feature as it is, but simply removing it isn't a
solution. We need to think of a smart way to always allow render farms to
run scripts and
On 23.05.2014 13:53, Greg Zaal wrote:
Another silly idea: what if we leave this feature on, but only for paths
that include the word download in addition to the user-defined folders in
the preferences?
Or keep a history of trusted authors (computer name or ip) and check if the
author of a
On another note:
IMO, despite what others have said about detecting malicious Python code to
be an intractable problem, I still believe that when you're not trying to
solve the problem of detecting whether an arbitrary piece of Python code
for arbitrary/general purposes, the problem becomes much
On Fri, May 23, 2014 at 9:53 PM, Greg Zaal gregzzm...@gmail.com wrote:
I think most of us can agree this is an annoying feature, but if it were to
be removed now, some nasty folks might take it as an invitation.
I don't like this feature as it is, but simply removing it isn't a
solution. We
IIRC, we are already only blocking the drivers where Python code is used.
To be specific, if it's of type scripted expression it contains Python
code of some sort. Thus, if you can set up your drivers in a way which
doesn't require an expression to be evaluated, you could avoid these
problems. For
On Fri, May 23, 2014 at 9:58 PM, Joshua Leung aligor...@gmail.com wrote:
On another note:
IMO, despite what others have said about detecting malicious Python code to
be an intractable problem, I still believe that when you're not trying to
solve the problem of detecting whether an arbitrary
Another alternative for drivers specifically may be to consider moving
these away from Python, and using a dedicated expression language like
Disney's SeExpr instead. Either that, or some kind of custom DSL (probably
Pythonic or compatible with the existing Python syntax used in nature), but
with
thanks for the reactions.
From the proposed solution I think that most sane solution would be some
limitation for the one-line expressions, assumably all of those which Joshua
proposed.
Maybe there is a simple way to put all these limitations into a simple
string-checking operation, just
I don't think any type of checking will be safe against a determined
attacker. One could conceivably rename objects to contain malicious code,
and then use these as RNA path in an expression.
-m
On Fri, May 23, 2014 at 8:57 AM, Vilem Novak pildano...@post.cz wrote:
thanks for the reactions.
: bf-committers@blender.org
Date: Fri, 23 May 2014 17:57:31 +0200
Subject: [Bf-committers] Do drivers have to be blocked as python scripts?
thanks for the reactions.
From the proposed solution I think that most sane solution would be some
limitation for the one-line expressions, assumably all
, but would at least provide
clearity (as well as a much improved sense of control!) to the user.
Just my two cents.
Cheers,
Patrick
From: pildano...@post.cz
To: bf-committers@blender.org
CC: bf-committers@blender.org
Date: Fri, 23 May 2014 17:57:31 +0200
Subject: [Bf-committers] Do drivers have
drivers have to be blocked as python
scripts?
thanks for the reactions.
From the proposed solution I think that most sane solution would be some
limitation for the one-line expressions, assumably all of those which
Joshua
proposed.
Maybe there is a simple way to put all
Just wondering.. has anyone out there wrote a python interpreter *in*
python that has security/sandbox functionality/hooks? Then it could offer
the option (as another user selectable security level) of secure but
slow, which might be adequate for simple or non-intensively called
scripts. Since it
28 matches
Mail list logo
