Line 232: | Line 232: | ||
=== Security === | === Security === | ||
{{FGCquote | |||
|1= As discussed at https://wiki.python.org/moin/SandboxedPython , it's hard to embed Python without giving the scripts it runs full access to your system; hence, I wouldn't make this available to aircraft/scenery. (Nasal avoids this security problem by having its I/O functions only allow access to a limited range of files.) It could still be good to have available for local experimentation, but should be clearly labelled as insecure. | |||
|2= {{cite web | |||
| url = http://sourceforge.net/p/flightgear/mailman/message/34788309/ | |||
| title = <nowiki>Re: [Flightgear-devel] A FGPythonSys implementation: The embedded | |||
Python interpreter as a FlightGear subsystem.</nowiki> | |||
| author = <nowiki>Rebecca N. Palmer</nowiki> | |||
| date = Jan 22nd, 2016 | |||
| added = Jan 22nd, 2016 | |||
| script_version = 0.23 | |||
}} | |||
}} | |||
{{FGCquote | {{FGCquote | ||
|1= The security issue is that I expect FlightGear aircraft and scenery to be "content", i.e. safe to use even if I don't trust their authors with all my files, not "executables" (such as standalone-Python scripts), i.e. unrestricted so only to be installed from trusted sources. I agree it would be access as the FlightGear user and not as root, but that's already enough for the common home-user-targeted forms of malware. (And it might be remotely exploitable: last time I looked, Terrasync was un-authenticated, which is fine for a content-delivery channel but means it shouldn't be used for executables.) Inkscape, Gimp, etc only expose their scripting interface to plugins, not image files (i.e. the equivalent of giving FlightGear a Python interface but not allowing aircraft to use it, which I don't object to); Blender has an option to allow scripts in model files, but it is off by default (https://www.blender.org/manual/advanced/scripting/python/security.html). | |1= The security issue is that I expect FlightGear aircraft and scenery to be "content", i.e. safe to use even if I don't trust their authors with all my files, not "executables" (such as standalone-Python scripts), i.e. unrestricted so only to be installed from trusted sources. I agree it would be access as the FlightGear user and not as root, but that's already enough for the common home-user-targeted forms of malware. (And it might be remotely exploitable: last time I looked, Terrasync was un-authenticated, which is fine for a content-delivery channel but means it shouldn't be used for executables.) Inkscape, Gimp, etc only expose their scripting interface to plugins, not image files (i.e. the equivalent of giving FlightGear a Python interface but not allowing aircraft to use it, which I don't object to); Blender has an option to allow scripts in model files, but it is off by default (https://www.blender.org/manual/advanced/scripting/python/security.html). |
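Review bot: in the cite web block of the first FGCquote, the title value is broken across two lines inside the nowiki tags (after "The embedded"), which leaves a line break in the middle of the citation title; keep the title on one line. The url parameter there is also plain http:// while the other two links in this hunk use https://, so consider the https:// form if the mailing list archive serves it.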