Closed ceremcem closed 6 years ago
Our FreeCAD workbench doesn't autorun scripts when you open them unless you override the setting for that. We rely on the user to ensure that the script they're running is safe before executing it. I'm not aware of any in-built security checks, although our CQFM implementation kind of sandboxes scripts. However, I doubt it's enough to avoid security concerns due to executing malicious code.
Thanks for the answer. (I'll continue after closing the issue)
We rely on the user to ensure that the script they're running is safe before executing it
I think that can't actually serve as a precaution because we can't always read the models we get. We could verify at the beginning and we'll quit when it gets a burden some time later. It will be like Windows popups, I mean, people will just run the code without reading.
CQFM implementation kind of sandboxes scripts
That is what I hope to hear in the first place. I think that this sandboxing approach has to be perfectly enough to stay in the safe side. I mean, how does Repl.it manage to do this goal?
Hi,
I'm currently using FreeCAD and I needed some scripting support where the script should be distributed by the document and executed upon document open/update. We have discussed the issue here and it seems the only problem is the security concerns.
If running any code would be that dangerous, how did you managed to stay in the safe side? I think the same precautions might be ported into FreeCAD.