By default, the best is to disable automatic execution of scripts, I think, unless the user enables such option (startup auto-execution-script)
Just make it an easy to enable option (with a warning), but leave it off by default. Thanks, Erwin On 25 February 2010 03:51, Campbell Barton <[email protected]> wrote: > @Tyler, from conversations with python devs, the request of sandboxing > gets the response "dont even think about it!", > I'm not especially interested in security to the point where Id try > motivate others, but am not against someone working on it either. > > so now this seems to boil down to "who wants to write a patch" :), > probably should be a command line argument like Dali wrote for 2.4x as > well as an option on load. > There are stull some issues still like, what happens when you double > click on a file to open so maybe something like this. > > - user default for the startup auto-execution-script value. > - global flag for auto script execution that is reset on loading blend > files and can be set on file load. > would look something like G.flag & G_PY_AUTO_EXEC, U.py_auto_exec > which could be accessed anywhere. > > again, I think hashing scripts would be hard to manage well, not to > mention hashing every pydriver (can be 100's) and having a place to > store this, varify etc. > > On Thu, Feb 25, 2010 at 9:26 AM, Stefan Langer > <[email protected]> wrote: > > 2010/2/25 Tyler Tricker <[email protected]> > > > > > >> [...] What about checking MD5 hashes on core scripts and having a > command > >> line > >> option to shut down all other scripts? That way if there is a bad > script, a > >> user still has the ability to open a file to try and extract useful > data. > >> [...] > >> > > Use SHA cause MD5 is broken and can be easily faked now a days. > > _______________________________________________ > > Bf-committers mailing list > > [email protected] > > http://lists.blender.org/mailman/listinfo/bf-committers > > > > > > -- > - Campbell > _______________________________________________ > Bf-committers mailing list > [email protected] > http://lists.blender.org/mailman/listinfo/bf-committers > _______________________________________________ Bf-committers mailing list [email protected] http://lists.blender.org/mailman/listinfo/bf-committers
