[Zope-Checkins] CVS: Zope/lib/python/Products/PythonScripts - PythonScript.py:1.43.6.4

Tres Seaver tseaver at zope.com
Thu Jan 8 15:12:39 EST 2004


Update of /cvs-repository/Zope/lib/python/Products/PythonScripts
In directory cvs.zope.org:/tmp/cvs-serv29583/lib/python/Products/PythonScripts

Modified Files:
      Tag: Zope-2_6-branch
	PythonScript.py 
Log Message:


  - Enforce new restrictions on untrusted code, identified during
    the December 2003 security audit.  These issues affect sites
    that allow untrusted users to write Python Scripts, Page Templates,
    and DTML:

    o Iteration over sequences could in some cases fail to check access 
      to an object obtained from the sequence. Subsequent checks (such 
      as for attributes access) of such an object would still be 
      performed, but it should not have been possible to obtain the 
      object in the first place.

    o List and dictionary instance methods such as the get method of 
      dictionary objects were not security aware and could return an 
      object without checking access to that object. Subsequent checks 
      (such as for attributes access) of such an object would still be 
      performed, but it should not have been possible to obtain the 
      object in the first place.

    o Use of 'import as. in Python scripts could potentially rebind 
      names in ways that could be used to avoid appropriate security 
      checks.

    o A number of newer built-ins (min, max, enumerate, iter, sum)
      were either unavailable in untrusted code or did not perform
      adequate security checking.

    o Unpacking via function calls, variable assignment, exception 
      variables and other contexts did not perform adequate security 
      checks, potentially allowing access to objects that should have 
      been protected.

    o DTMLMethods with proxy rights could incorrectly transfer those 
      rights via acquisition when traversing to a parent object.



=== Zope/lib/python/Products/PythonScripts/PythonScript.py 1.43.6.3 => 1.43.6.4 ===
--- Zope/lib/python/Products/PythonScripts/PythonScript.py:1.43.6.3	Tue Jun 10 18:08:37 2003
+++ Zope/lib/python/Products/PythonScripts/PythonScript.py	Thu Jan  8 15:12:08 2004
@@ -31,8 +31,7 @@
 from AccessControl import getSecurityManager
 from OFS.History import Historical, html_diff
 from OFS.Cache import Cacheable
-from AccessControl import full_write_guard, safe_builtins
-from AccessControl.ZopeGuards import guarded_getattr, guarded_getitem
+from AccessControl.ZopeGuards import get_safe_globals, guarded_getattr
 from zLOG import LOG, ERROR, INFO, PROBLEM
 
 # Track the Python bytecode version
@@ -216,6 +215,7 @@
 
     def _compiler(self, *args):
         return RestrictedPython.compile_restricted_function(*args)
+
     def _compile(self):
         r = self._compiler(self._params, self._body or 'pass',
                            self.id, self.meta_type)
@@ -246,13 +246,10 @@
         self._v_change = 0
 
     def _newfun(self, code):
-        g = {'__debug__': __debug__,
-             '__builtins__': safe_builtins,
-             '_getattr_': guarded_getattr,
-             '_getitem_': guarded_getitem,
-             '_write_': full_write_guard,
-             '_print_': RestrictedPython.PrintCollector,
-             }
+        g = get_safe_globals()
+        g['_getattr_'] = guarded_getattr
+        g['__debug__'] = __debug__
+        g['__name__'] = self.id
         l = {}
         exec code in g, l
         self._v_f = f = l.values()[0]




More information about the Zope-Checkins mailing list