A look at security in Blender

A few moons ago secu­ri­ty researchers at Cisco made waves in the Blender com­mu­ni­ty after dis­clos­ing a num­ber of vul­ner­a­bil­i­ties that could allow an attack­er to run arbi­trary code. All the of them were fixed by 2.79a but it’s still pos­si­ble to make Blender run arbi­trary code. In fact, it has always been pos­si­ble.

Beyond the exploits

Blender embeds a full Python inter­preter with no restric­tions. All of Python is avail­able, includ­ing the os and sub­process mod­ules. You can even install PIP for Blender’s Python and install third-par­ty libraries with it. This lack of lim­its is nec­es­sary since Blender uses Python scripts for quite a few things:

  • Setting up the UI layout
  • Drivers (ani­ma­tion)
  • The game engine (pre‑2.8, RIP in 2.8)
  • Keymaps
  • Operator pre­sets
  • Addons
  • Actual python scripts (of course)

To be clear: unre­strict­ed access means the same lev­el of access to the sys­tem and files that you (or the oth­er appli­ca­tions you run) have. Any of these scripts can access your files, read them, delete them, etc. Almost a pri­mor­dial soup for malware.

As far as I’m con­cerned, open­ing a file with Blender should be con­sid­ered lie open­ing a file with the Python inter­preter, you have the trust to the source it is com­ing from.”

Brecht Van Lommel

This issue isn’t unique to Blender of course, near­ly all CG appli­ca­tions run scripts of some kind in these and oth­er ways. Hold the tin­foil hats though! There are no know attacks or cas­es of mal­ware using Blender, and pro­tect­ing your­self from any future or pos­si­ble attacks isn’t hard.

Let’s see how and when Python code gets run

Some code runs auto­mat­i­cal­ly when you open Blender or a blend file while some code has to be run man­u­al­ly (by press­ing a but­ton in an addon, for example). 

Drivers are run every­time the cur­rent frame changes. That includes scrub­bing through the time­line, ren­der­ing and open­ing a blend file (since it has to set a cur­rent frame). Of course if a dri­ver is dis­abled it won’t run.  Scripts in text blocks can be run in both ways. If it has the reg­is­ter option tog­gled on the script will be run when you open the blend file, oth­er­wise it can be run man­u­al­ly by click­ing the run but­ton (or call­ing the run oper­a­tor through Python).

The active Keymap is run every­time you start Blender, some of them (like the Maya keymap) will reg­is­ter new oper­a­tors to help cre­ate a spe­cif­ic work­flow. Addons will run code every­time you open Blender to reg­is­ter their pan­els, prop­er­ties, oper­a­tors, etc. This part of the code is always locat­ed in the reg­is­ter() func­tion in the __init__.py file (in case you want to peek). Addons will also run anoth­er func­tion when being dis­abled, the unreg­is­ter() func­tion. And of course, addons will also run code when you use them.

Finally the code to set­up the UI is run con­stant­ly through a timer. However those scripts are bun­dled with Blender and you’ll nev­er have to touch them. In case you’re won­der­ing, themes are XML files which is a data for­mat so they have no code.

Staying safe

Blender can pre­vent blend files from auto run­ning python code and, in fact does it by default. When you load a non-trust­ed blend file that wants to run code you will be prompt­ed to autho­rize it by reload­ing it as a trust­ed file (or not). This will pre­vent dri­vers and scripts set to reg­is­ter from exe­cut­ing, how­ev­er this can be annoy­ing when work­ing with one’s own files so it’s com­mon to set the default to always allow auto-run and for­get about it but doing this opens you to attacks embed­ded in blend files.

We can find a bal­ance between secu­ri­ty and con­ve­nience by allow­ing auto-run but also set­ting an exclud­ed fold­er (or sev­er­al) to keep unsafe blend files. Files in the exclud­ed fold­er will not be trust­ed and won’t auto-run. Both the Auto Run Python Scripts  and Excluded Folders set­tings can be found in the File tab of the User Preferences. It’s a good idea to set this to your down­loads fold­er, but you can also add oth­er directories.

(“tmp” is my down­loads folder)

That’s only the first line of defense though, you could still allow a script to run and turn out to have mali­cious code. That’s why it’s impor­tant to con­sid­er where you got the blend file you’re open­ing. Blendswap, the Blender Cloud and sites from well-known blender­heads are always a safe bet. Be cau­tious when open­ing blend files from BlenderArtists, BlenderExchange or any oth­er third par­ty site/forum.

(Oh yeah , this site is a safe bet too!)

When you open one of those files and it tries to run some code con­sid­er whether it should real­ly be doing that. Is the file sup­posed to have a rig? Is it sup­posed to be an ani­ma­tion? Did the author men­tion it had dri­vers or some oth­er script? Try giv­ing it a clos­er look before allow­ing scripts.

The same applies when adding third-par­ty keymaps or pre­sets, though I haven’t seen many of those. A final tip: if you find that some blend file or keymap has mal­ware, please report it! Talk about it in the Blender com­mu­ni­ty through the forums, twit­ter or IRC. That way, if mal­ware ever shows up we can catch it early.

If all this talk about secu­ri­ty has peaked your inter­est, check out this pre­sen­ta­tion by Ralph Echemeddia as well as the classic “Hacking Hollywood” by Nick Freeman.

All the posts you can read
ArticlesBlender, Python21.10.2020