| Subject: | Re: [Bf-committers] "Security" gets in the way | |
|---|---|---|
| From: | horace grant (hora...@gmail.com) | |
| Date: | Apr 28, 2010 4:28:17 am | |
| List: | org.blender.bf-committers | |
On Wed, Apr 28, 2010 at 10:35 AM, Remo Pini <remo...@avexys.com> wrote:
> Hm...
>
> To me - as a person coming from the IT security field - there seems to be an
> interesting conundrum:
>
> At some point in the past, someone made the choice of using Python as the
> pervasive scripting language in Blender. We've all heard through various emails
> on how it is basically NOT possible to lock down Python to be secure (as well as
> being outside of the scope of actual language development according to the
> Python gurus, so it will never happen). At the same time, tons of stuff depends
> on Python being "fully" enabled, so shutting it off is not really an option as
> well.
>
> From my experience, if an option needs to be turned on/off most of the time for
> things to work, it will be left at the most convenient setting always, so there
> really is no value in having the option in the first place.
>
> From what I have read so far, the only "real" solution would be to move to a
> truly "sandboxable"/embeddable scripting language such as LUA, which is not
> going to happen, or to keep running with the existing model of trusting everybody
> not to screw around with Python scripts.
>
> All other solutions that I have seen place an unmanageable burden on the user and
> usually require a central controlling entity (i.e. signed vs. unsigned code
> having access to restricted functions such as I/O).
>
> We should keep this in perspective though. Most other 3D packages currently
> allow "dangerous" scripting too, so we don't really behave any worse by allowing
> scripts in the current setting than any other solution. Which is not to say that
> we shouldn't try to be "better" than the other packages in the long run...
>
> Ultimately, I would suggest to abandon Python for a truly embedded scripting
> solution (i.e. LUA), but that would be a massive change with a huge impact...
> maybe worth a thought for Blender 3.0.

no need for lua. python is the much nicer language. :p there is pypy which supports sandboxing and which also gets cpython api compatible at the moment.

http://morepypy.blogspot.com/2010/04/using-cpython-extension-modules-with.html

in 2 years or so (once pypy is more mature and python 3 compatible) it should be no big problem to replace cpython with pypy. as another benefit pypy will be much faster than cpython due to its jit compiler.

> Cheers
> Remo
>
> > So the scenario here as I see it is: people who don't know about this leave the loading of scripts off (and are safe from the evil blender hackers out there), next people start having the problems related to this setting and due to it being unusable in production they find out how to disable it everywhere and then they are right where everything started, except from time to time someone forgets to set the flag on and gets a nice headache while wondering why this feature exists in the first place
> >
> > added -Y option to enable script execution, this means render nodes don't need to have .B25.blend's
> > eg. ./blender.bin -b -Y myblend.blend -a
> >
> > I have a history of lost work and time with these so-called security features where blender decides to turn off drivers and ignore script links and so on and you don't notice it until you have worked on a faulty rig/scene for a long time or you have rendered some heavy frames and have to do it all over again. In 2.5 since the inclusion of the "trusted source" option this has done nothing but cause problems everywhere from teaching to every day jobs; students load rigs that don't work and naturally they do not know the difference, lost time with clients that in order to review a rig had to turn on the load py scripts option and they didn't know about it so we all lose time, etc.
> >
> > Today I sent a render to the farm and when it finished the character was all wrong.. so I spent a long time changing the .B25.blend files on all 17 machines (boot with X session, change preference, reboot again). After all this I launch the render again and when it finished the problem is still there. It so happens that rendering from command line ignores the .B25.blend file... so not good. I had to export animation as MDD point cache and import back as RVKs in order to work around the missing drivers
> >
> > So my point of view here is: stop playing around with my scene *please*, it's hard enough to get things working for blender to decide to break some random part. And this is the point of view of someone with 8 years of using blender almost every day, imagine someone new trying to figure out these problems?

_______________________________________________ Bf-committers mailing list Bf-c...@blender.org http://lists.blender.org/mailman/listinfo/bf-committers