9
$\begingroup$

In a recent release of blender a safeguard for python scripts has been introduced. This is to prevent python script from doing any damage to the system. Although I doubt that there are any blender users that want to wreck havoc. Blender now has a built in system for protecting against malicious scripts. I do not trust this system though. How can I determine if a python script is hostile manually?

So far this is what I have come up with:

import os there is no reason that a python script for blender needs this module, this allows the user to run cmd/terminal commands.

What other things are there to watch out for?

Improve this question
$\endgroup$
2
  • $\begingroup$ Why not? os.path is part of os and it's pretty useful. $\endgroup$ Commented Feb 23, 2014 at 20:41
  • $\begingroup$ Depending on the length of the script: maybe just read it? That'd at least require an attacker to obfuscate it a bit. $\endgroup$ Commented Feb 24, 2014 at 2:25

2 Answers 2

Reset to default
11
$\begingroup$

os isn't the only module that provides functions to remove files from filesystem etc., shutils can be used for such evil things too. Or you could somehow shell-execute system commands to do so.

Module imports can even be camouflaged like this:

evil_module = __import__(chr(int("".join(map(lambda x: str(x), [1]*3)))) + '\x73')

So you won't immediately know what it actually imports (os module in this case).

What is to be seen malicious also depends on your view. Like with any trojan, virus or whatever, they don't necessarily damange your system or delete things. A python script could open a network connection and send spam mails, or transmit information about your machine to an attacker.

There are many possibilities to abuse python, and bpy makes it rather worse - bpy.ops.wm.url_open(url="...") could be used to open a prepared website, that infects you with a drive-by download.

The best protection is it run scripts from trusted sources only.

Improve this answer
$\endgroup$
9
  • $\begingroup$ Thanks for the example CodemanX. Are there any others that you can think of. It would be nice to have a list compiled of anything which may be suspicious. Really, it would be nice if Blender could detect these and show a warning. $\endgroup$ Commented Feb 23, 2014 at 22:45
  • $\begingroup$ I don't think it's possible to define a list of potentially malicious modules, functions etc., just like for virus scanners. You wouldn't want to block I/O for an importer/exporter, but a malicious script may use it to spread itself. There is no absolute security, unless you unplug your computer and never use it. It doesn't make any sense IMO to collect things that could be abused (people are too creative), you would either break good scripts, or inevitably overlook something a bad script makes use of. $\endgroup$ Commented Feb 24, 2014 at 0:37
  • $\begingroup$ Alright, so I agree with a lot of that but there would have to be a pretty good reason for scripts to have the ability to delete files on the HD. That to me is something people should be aware of if it exists. Another one would be network access. To my thinking, Python interfaces should have no concept of either of these two ideas. These two things combined could destroy a lot of computers. There is no reason for this threat to even be in Blender. There is a very good reason why Windows OS has proven so unsecure and it's all the software that has these vulnerability built in. $\endgroup$ Commented Feb 24, 2014 at 5:03
  • $\begingroup$ It's not just Blender users that are a problem. If people who like to target other peoples machines with malicious code have a way to use Blender installations as a site of venerability then they will certainly exploit this. If you leave the front door of your house open when you are not there then people will go into your house and take things. That is unfortunately the way the world is. Anything features like this should be set to 'off' by default and even expert users should have to jump through annoying hoops to activate them for their own machines. $\endgroup$ Commented Feb 24, 2014 at 5:08
  • $\begingroup$ Have a look at the trunk addons, e.g. netrender: It requires the modules sys, os, http, socket, shutil and more. It sends and receives data via network (could also be internet I guess) and removes files recursively (shutil.rmtree), it's not a malicious script however. Would you want this to be blocked? $\endgroup$ Commented Feb 24, 2014 at 14:51
2
$\begingroup$

There are justifiable use-cases for all potentially dangerous python modules. The more you exclude from python in a standard Blender distribution, the less useful it is for good-natured coders. Some of the built-ins, exec() and eval() for instance, can add an extra layer of obfuscation to the code being executed, you'd need to use repr() to see what kind of code they're attempting to run - but that doesn't mean that they don't have perfectly legitimate uses in a dynamic program.

Yeah, it's a valid security concern and that's why Blender doesn't auto-run python scripts in .blend files by default, until you manually tick the box "Auto Run Python Scripts". Blender will tell you if a driver in a .blend wants to auto run, but it will make you navigate to User-Preferences -> File and set it yourself.

enter image description here

The only way to reduce potential harm of using .blends / scripts that you don't trust, is to first read them. With scripts at least you can read the source, how many programs do you install for which you don't first read the source? A lot probably.

Improve this answer
$\endgroup$

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.