1. Animate something for, say, 20 frames (ANIM when Sta:=1, End:=20)
2. Play animated result (PLAY when Sta:=1, End:=20) You:Blender 1:0
3. Naively bump End to 10 and play it (PLAY when Sta:=1, End:=10) Ha-ha, it still plays everything. You:Blender 1:1
4. Local luser can put some more images (read: pr0n) with just the right filenames (remember, it's "%04x.%s") and blender will show them [1] You:Blender 1:2
5. Upon exit they are not removed from /tmp You:Blender 1:3

Attached patch is for #3: play just from start to end. It wasn't tested for AVIs et al, though.

[1] check whether mismatching image sizes can crash it (it's too late here, sorry)
[2] check whether "preallocating" symlinks in /tmp can screw you.
Created attachment 92168: Show animation from Sta: to End: and only in that interval.
Could you also report it upstream?
Time to involve security team. Preallocating symlinks definitely works.

ln -s /home/victim/.ssh/id_rsa /tmp/0001.jpg
blender
ANIM with Sta:=1, End:=10 (i. e.)

The right fix is to rewrite that turdlet called BKE_makepicstring and friends. I'll see what I can do.
blender isn't suid...
(In reply to comment #3)
> Time to involve security team. Preallocating symlinks definitely works.
>
> ln -s /home/victim/.ssh/id_rsa /tmp/0001.jpg
>
> blender
> ANIM with Sta:=1, End:=10 (i. e.)

As Luca said, blender isn't suid. However, it is annoying when other users have created such files and you don't have the permission to create those files. That said, the output location is a user setting, so imho the main issue is choosing a better default. What do you think?
Sorry, I wasn't clear enough.

[attacker] ln -s /home/victim/.ssh/id_rsa /tmp/0001.jpg
[victim]   blender
           ANIM with Sta:=1, End:=10 (i. e.)
[where is my ssh key?]
ls -al the file and the symlink and consider that blender isn't suid at all.
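The point the last three comments circle around is that a fixed, predictable name like /tmp/0001.jpg in a world-writable directory can already exist (as a file or a symlink) when the victim's process writes to it, and a plain fopen("w") will happily follow it. The usual mitigation is twofold: render into a private mkdtemp() directory instead of a shared /tmp, and create each frame with O_CREAT|O_EXCL|O_NOFOLLOW so that anything already sitting at the path makes the write fail instead of being overwritten. The code below is an added example written for this thread; it is not Blender code, not the attached patch, and the function names (safe_create_frame, frame_path, make_private_frame_dir) are hypothetical. It reuses the "%04x.%s" naming from comment #1 only to build the path, and its self-check plants a symlink in a freshly created private directory (not in a shared /tmp) to show the refusal.

```c
/* Added example (not Blender's code): refuse to write a rendered frame
 * through a pre-existing file or symlink, and keep frames in a private
 * directory rather than a fixed, guessable /tmp/%04x.%s path. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Create a brand-new output file. O_EXCL makes open() fail when anything
 * already exists at path (a planted symlink included); O_NOFOLLOW refuses
 * to traverse a symlink even if O_EXCL were dropped. Returns fd or -1. */
int safe_create_frame(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Build the frame name with the "%04x.%s" pattern from the report, but
 * rooted in a caller-supplied directory. Returns 0, or -1 on truncation. */
int frame_path(char *buf, size_t len, const char *dir, unsigned frame,
               const char *ext)
{
    int n = snprintf(buf, len, "%s/%04x.%s", dir, frame, ext);
    return (n > 0 && (size_t)n < len) ? 0 : -1;
}

/* Create a private (mode 0700) directory under $TMPDIR or /tmp to hold
 * frames; other local users cannot pre-create names inside it.
 * Fills dirbuf and returns 0, or -1 on failure. */
int make_private_frame_dir(char *dirbuf, size_t len)
{
    const char *base = getenv("TMPDIR");
    if (!base || !*base) base = "/tmp";
    int n = snprintf(dirbuf, len, "%s/frames.XXXXXX", base);
    if (n <= 0 || (size_t)n >= len) return -1;
    return mkdtemp(dirbuf) ? 0 : -1;
}

/* Self-check (constructed scenario): inside a fresh private directory,
 * create a stand-in "secret" file and point the frame-1 name at it with a
 * symlink. safe_create_frame() must refuse the symlinked name, must still
 * succeed on an unused name, and the secret must be left untouched.
 * Returns 1 when all three hold, 0 otherwise. */
int demo_symlink_is_refused(void)
{
    char dir[256], link_path[512], target[512], fresh[512];
    struct stat st;
    int ok = 0, tfd, fd, refused, created, intact;

    if (make_private_frame_dir(dir, sizeof dir) != 0) return 0;
    snprintf(target, sizeof target, "%s/secret.txt", dir);
    tfd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (tfd < 0) goto out;
    if (write(tfd, "secret\n", 7) != 7) { close(tfd); goto out; }
    close(tfd);

    if (frame_path(link_path, sizeof link_path, dir, 1, "jpg") != 0) goto out;
    if (symlink(target, link_path) != 0) goto out;

    fd = safe_create_frame(link_path);      /* existing symlink: must fail */
    refused = (fd < 0 && (errno == EEXIST || errno == ELOOP));
    if (fd >= 0) close(fd);

    if (frame_path(fresh, sizeof fresh, dir, 2, "jpg") != 0) goto out;
    fd = safe_create_frame(fresh);          /* unused name: must succeed */
    created = (fd >= 0);
    if (fd >= 0) close(fd);

    /* The symlink target must still be exactly "secret\n" (7 bytes). */
    intact = (stat(target, &st) == 0 && st.st_size == 7);
    ok = refused && created && intact;
out:
    unlink(fresh); unlink(link_path); unlink(target);
    rmdir(dir);
    return ok;
}

int main(void)
{
    printf("planted symlink refused, target intact: %s\n",
           demo_symlink_is_refused() ? "yes" : "no");
    return 0;
}
```

Note that O_EXCL alone already defeats the planted-symlink case on Linux (open() reports EEXIST without following the link), and O_NOFOLLOW is kept as a second line of defence; neither helps if the frames are still written to a shared directory under a name anyone can guess, which is why the private mkdtemp() directory is the part that actually addresses the "better default" asked for above.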
I don't think anyone is worrying about changing this any time soon. As stated, the default location for /tmp is user defined. What's more, a lot of people consider the auto rewind to be a feature, not a bug.
Please voice your concern with upstream and/or reopen if you consider this problem really annoying for you.