Hi,

Besides making Blender safer I think it is also important to make users "more" self-aware of risks.

Two humble propositions:

- first-run splash screen with something like: "Thank you for choosing Blender. Beware of evil .blend files from unauthorised sources."
- small info "beware of .blend files from unauthorised sources" (under "open" button) when opening files, with checkbox "don't show anymore"

/Kuba

On 2013-06-07 11:21, Ton Roosendaal wrote:
> Hi Campbell,
>
> I don't know enough about Python internals, so I depend on someone to help
> designing a sane way to handle security risks here. There must be ways we can
> help users?
>
> Look for example at the standard UI scripts. Apart from 1 case, there's no
> "import os" anywhere. Same goes for essential scripts riggers or animators
> use.
>
> So, why not add a provision in Blender code to check on such cases. Just
> don't allow import of any module = safe script? In all other cases: needs to
> be explicitly permitted to run.
>
> Something like this would make a "trusted source" option on file loading more
> useful. Right now, unticking "trusted source" is almost equivalent to
> "disable useful features".
>
> -Ton-
>
> --------------------------------------------------------
> Ton Roosendaal - [email protected] - www.blender.org
> Chairman Blender Foundation - Producer Blender Institute
> Entrepotdok 57A - 1018AD Amsterdam - The Netherlands
>
> On 6 Jun, 2013, at 20:13, Campbell Barton wrote:
>
>> On Thu, Jun 6, 2013 at 6:47 PM, Ton Roosendaal <[email protected]> wrote:
>>> Hi,
>>>
>>> I think you give up too easily here. :) For example, we could also make a
>>> bpy.os module, and mark scripts that use this as 'trusted'. Scripts using
>>> the os.module itself then require a user to explicitly run it, or being
>>> embedded in a file marked trusted (own files etc).
>> You know I already attempted this and have been shown by developers
>> more expert in CPython internals than me, that CPython makes no
>> effort to support such limitations and that it is trivial to work around
>> them.
>>
>> You assume there is an effective way to control module importing (that
>> we could even stop a script from using any of CPython's bundled modules
>> - `os` included).
>>
>> I'd want good evidence this can be done, until someone shows this -
>> I'll assume it can't.
>>
>>> This is not to forbid using os module, it's to not make such scripts run
>>> automatically.
>>>
>>> The main issue would be first to sanitize our non-python writing code, make
>>> sure this goes more secured and controlled. Once that's in place, scripters
>>> can use that as well, and get free support for the features we use in
>>> Blender C code all over as well.
>>>
>>> -Ton-
>> _______________________________________________
>> Bf-committers mailing list
>> [email protected]
>> http://lists.blender.org/mailman/listinfo/bf-committers
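
The check Ton proposes in the quoted message (a script that imports nothing may run automatically, anything else needs explicit permission) can be sketched as a static pass over the script's syntax tree. This is an added example, not code from Blender or from anyone in the thread; `needs_permission`, the `allowed` set and the sample scripts are assumptions, and it only decides when to prompt the user, which leaves Campbell's point about CPython not enforcing such limits at run time untouched.

```python
import ast

# Assumption: builtins that can load or run code without an import statement.
DYNAMIC_NAMES = {"eval", "exec", "compile"}


def needs_permission(source, allowed=frozenset()):
    """Return sorted reasons a script must not auto-run; [] means it may.

    `allowed` is a hypothetical allowlist of top-level modules (e.g. "bpy").
    """
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        return [f"unparseable: {exc.msg}"]
    reasons = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            modules = [alias.name.split(".")[0] for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            # Relative imports (level > 0) cannot be resolved here: always flag.
            modules = ["<relative>"] if node.level else [node.module.split(".")[0]]
        else:
            modules = []
            # Names and attributes such as __import__ or __builtins__ are
            # treated as dynamic loading and never auto-run.
            ident = getattr(node, "id", None) or getattr(node, "attr", None)
            if isinstance(ident, str) and (ident in DYNAMIC_NAMES or ident.startswith("__")):
                reasons.add(f"dynamic: {ident}")
        reasons.update(f"import {m}" for m in modules if m not in allowed)
    return sorted(reasons)


# Constructed sample scripts, not taken from Blender.
SAMPLE_UI = "import bpy\nclass DemoPanel(bpy.types.Panel):\n    bl_label = 'Demo'\n"
SAMPLE_OS = "import bpy, os.path\nprint(os.path.exists('x'))\n"
SAMPLE_DYNAMIC = "mod = __import__('os')\n"

if __name__ == "__main__":
    samples = [("ui", SAMPLE_UI), ("os", SAMPLE_OS), ("dynamic", SAMPLE_DYNAMIC)]
    for name, src in samples:
        print(name, needs_permission(src, allowed={"bpy"}) or "auto-run ok")
```

With an empty `allowed` set the check matches Ton's wording literally, so even a script that only imports `bpy` is held for confirmation.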
