Security Issues in FreeCAD

[adhikaryjiban]

I have been assigned to analyze the security issues in FreeCAD as part of my Advanced Computer Security course. But I have not found any documentation or security related concerns anywhere. I am looking for things like if there are any issues in the source code that can be exploited from a security point of view or if there is any such mechanism to handle these issues. I have gone through all the release notes, bug fixes but I have not found any discussions related to this. There are some bugs that me fall into the category of exploitable (like segmentation fault, memory access, occasional crash for various actions etc.) but is there any documentation that covers the issues or vulnerabilities to make FreeCAD more secure? You can refer to http://www.cvedetails.com/ to check out vulnerability details for some softwares.

[cox]

Hi, adhikaryjiban and welcome to the forum.

I am not best person to comment on the security state of FreeCAD so to get the ball rolling until more clever minds can elaborate, here are a rambling.
Over the years I have noticed that there is taken considerable efforts to keep the file format free from user executable code(python scripts). It is easy to adapt FreeCAD with such scripts/plugins, but the user is expected to bring the code that a file expects into the environment himself. By doing it this way simply opening a FreeCAD file witch depends on addons will not execute any code.

So our fine developers are sacrificing convinience over security. Knowing this I personaly am wery confident that security issues are considered also in other areas of the software.

Glad you will be looking into this, More eyeballs etc.