-rw-r--r-- | CMakeLists.txt | 4 | ||||
-rw-r--r-- | source/blender/blenkernel/CMakeLists.txt | 4 | ||||
-rw-r--r-- | source/blender/blenkernel/intern/blender.c | 6 | ||||
-rw-r--r-- | source/blender/windowmanager/CMakeLists.txt | 4 | ||||
-rw-r--r-- | source/blender/windowmanager/intern/wm_files.c | 6 | ||||
-rw-r--r-- | source/creator/CMakeLists.txt | 4 | ||||
-rw-r--r-- | source/creator/creator.c | 16 |
7 files changed, 41 insertions, 3 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt index 3711227fdef..a3baf582b9f 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -102,8 +102,12 @@ get_blender_version() # Blender internal features option(WITH_INTERNATIONAL "Enable I18N (International fonts and text)" ON) + option(WITH_PYTHON "Enable Embedded Python API (only disable for development)" ON) +option(WITH_PYTHON_SECURITY "Disables execution of scripts within blend files by default (recommend to leave off)" OFF) mark_as_advanced(WITH_PYTHON) # dont want people disabling this unless they really know what they are doing. +mark_as_advanced(WITH_PYTHON_SECURITY) # some distrobutions see this as a security issue, rather then have them patch it, make a build option. + option(WITH_PYTHON_SAFETY "Enable internal API error checking to track invalid data to prevent crash on access (at the expense of some effeciency, only enable for development)." OFF) option(WITH_PYTHON_MODULE "Enable building as a python module (experemental, only enable for development)" OFF) option(WITH_BUILDINFO "Include extra build details (only disable for development & faster builds)" ON) diff --git a/source/blender/blenkernel/CMakeLists.txt b/source/blender/blenkernel/CMakeLists.txt index 47d393559f4..0b616f81ef3 100644 --- a/source/blender/blenkernel/CMakeLists.txt +++ b/source/blender/blenkernel/CMakeLists.txt @@ -282,6 +282,10 @@ endif() if(WITH_PYTHON) list(APPEND INC ../python ${PYTHON_INCLUDE_DIRS}) add_definitions(-DWITH_PYTHON) + + if(WITH_PYTHON_SECURITY) + add_definitions(-DWITH_PYTHON_SECURITY) + endif() endif() if(WITH_OPENMP) diff --git a/source/blender/blenkernel/intern/blender.c b/source/blender/blenkernel/intern/blender.c index d1a181046a6..ce6a95430e3 100644 --- a/source/blender/blenkernel/intern/blender.c +++ b/source/blender/blenkernel/intern/blender.c 
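Review bot: The help string for `WITH_PYTHON_SECURITY` ends with "recommend to leave off", which steers builders toward the configuration where scripts stored in a .blend file run on load, without stating the trade-off. Say what the option does and where the user-facing switch is, for example `option(WITH_PYTHON_SECURITY "Disable automatic execution of Python scripts embedded in .blend files by default (see --enable-autoexec)" OFF)`. The trailing comment on `mark_as_advanced(WITH_PYTHON_SECURITY)` also has typos ("distrobutions", "rather then") worth fixing in the same pass.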
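Review bot: `-DWITH_PYTHON_SECURITY` is added per directory here, and again in the windowmanager and creator CMakeLists.txt hunks, so any other directory that later tests the macro compiles without it. The C side is written fail-open: blender.c uses `#ifndef WITH_PYTHON_SECURITY` to turn `G_SCRIPT_AUTOEXEC` on, so a missing define silently selects the permissive branch. Either define it once next to the top-level `option()` or add a comment at the option listing the directories that must carry it. Whether other build files need the same switch cannot be seen from this diff.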
@@ -140,8 +140,12 @@ void initglobals(void) G.charstart = 0x0000; G.charmin = 0x0000; G.charmax = 0xffff; - + +#ifndef WITH_PYTHON_SECURITY /* default */ G.f |= G_SCRIPT_AUTOEXEC; +#else + G.f &= ~G_SCRIPT_AUTOEXEC; +#endif } /***/ diff --git a/source/blender/windowmanager/CMakeLists.txt b/source/blender/windowmanager/CMakeLists.txt index db0815efa53..1a056b56eff 100644 --- a/source/blender/windowmanager/CMakeLists.txt +++ b/source/blender/windowmanager/CMakeLists.txt @@ -98,6 +98,10 @@ endif() if(WITH_PYTHON) list(APPEND INC ../python ${PYTHON_INCLUDE_DIRS}) add_definitions(-DWITH_PYTHON) + + if(WITH_PYTHON_SECURITY) + add_definitions(-DWITH_PYTHON_SECURITY) + endif() endif() if(WITH_GAMEENGINE) diff --git a/source/blender/windowmanager/intern/wm_files.c b/source/blender/windowmanager/intern/wm_files.c index f5fe98ae4d4..05cf71fcd83 100644 --- a/source/blender/windowmanager/intern/wm_files.c +++ b/source/blender/windowmanager/intern/wm_files.c @@ -418,6 +418,12 @@ int WM_read_homefile(bContext *C, ReportList *reports, short from_memory) if(success==0) { success = BKE_read_file_from_memory(C, datatoc_startup_blend, datatoc_startup_blend_size, NULL); if (wmbase.first == NULL) wm_clear_default_size(C); + +#ifdef WITH_PYTHON_SECURITY /* not default */ + /* use alternative setting for security nuts + * otherwise we'd need to patch the binary blob - startup.blend.c */ + U.flag |= USER_SCRIPT_AUTOEXEC_DISABLE; +#endif } /* prevent buggy files that had G_FILE_RELATIVE_REMAP written out by mistake. Screws up autosaves otherwise diff --git a/source/creator/CMakeLists.txt b/source/creator/CMakeLists.txt index 87850528648..d1f5cddc981 100644 --- a/source/creator/CMakeLists.txt +++ b/source/creator/CMakeLists.txt @@ -75,6 +75,10 @@ endif() if(WITH_PYTHON) blender_include_dirs(../blender/python) add_definitions(-DWITH_PYTHON) + + if(WITH_PYTHON_SECURITY) + add_definitions(-DWITH_PYTHON_SECURITY) + endif() endif() if(WITH_GAMEENGINE) 
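Review bot: In the wm_files.c hunk, `U.flag |= USER_SCRIPT_AUTOEXEC_DISABLE` sits inside the `if(success==0)` fallback that loads the built-in startup.blend, so a user startup file that loads successfully keeps whatever autoexec setting it carries. If a saved preference is meant to win over the build default, the comment should say so, because packagers enabling the option may assume it covers every start-up path. I would replace the "security nuts" comment with `/* hardened build: default autoexec to off for the built-in startup.blend; a user's saved startup file keeps its own setting */`. The flag is also set without looking at the result of `BKE_read_file_from_memory`. The rest of WM_read_homefile is outside the hunk, so how `U.flag` is later applied to `G.f` cannot be checked here.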
diff --git a/source/creator/creator.c b/source/creator/creator.c index 758989b3eb0..e8763c42efe 100644 --- a/source/creator/creator.c +++ b/source/creator/creator.c @@ -1074,10 +1074,22 @@ static void setupArguments(bContext *C, bArgs *ba, SYS_SystemHandle *syshandle) BLI_argsAdd(ba, 1, "/?", NULL, "\n\tPrint this help text and exit (windows only)", print_help, ba); BLI_argsAdd(ba, 1, "-v", "--version", "\n\tPrint Blender version and exit", print_version, NULL); + + /* only to give help message */ +#ifndef WITH_PYTHON_SECURITY /* default */ +# define PY_ENABLE_AUTO ", (default)" +# define PY_DISABLE_AUTO "" +#else +# define PY_ENABLE_AUTO "" +# define PY_DISABLE_AUTO ", (compiled as non-standard default)" +#endif - BLI_argsAdd(ba, 1, "-y", "--enable-autoexec", "\n\tEnable automatic python script execution (default)", enable_python, NULL); - BLI_argsAdd(ba, 1, "-Y", "--disable-autoexec", "\n\tDisable automatic python script execution (pydrivers, pyconstraints, pynodes)", disable_python, NULL); + BLI_argsAdd(ba, 1, "-y", "--enable-autoexec", "\n\tEnable automatic python script execution" PY_ENABLE_AUTO, enable_python, NULL); + BLI_argsAdd(ba, 1, "-Y", "--disable-autoexec", "\n\tDisable automatic python script execution (pydrivers, pyconstraints, pynodes)" PY_DISABLE_AUTO, disable_python, NULL); +#undef PY_ENABLE_AUTO +#undef PY_DISABLE_AUTO + BLI_argsAdd(ba, 1, "-b", "--background", "<file>\n\tLoad <file> in background (often used for UI-less rendering)", background_mode, NULL); BLI_argsAdd(ba, 1, "-a", NULL, playback_doc, playback_mode, NULL); |
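Review bot: The `-y` help string never says what gets executed, so someone reading `--help` on a hardened build cannot tell that the flag lets scripts stored in a .blend file run when it is opened. The `-Y` text lists pydrivers, pyconstraints and pynodes, and the `-y` text should carry the same list. The new `", (default)"` suffix also renders as "execution, (default)", where the old string had no comma; `# define PY_ENABLE_AUTO " (default)"` restores it, and the `PY_DISABLE_AUTO` suffix has the same stray comma. setupArguments starts and ends outside this hunk.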