[Zope-dev] Idea: User Product Folder

Casey Duncan c.duncan@nlada.org
Mon, 19 Nov 2001 09:12:10 -0500


This is more of an idea than a proposal at this point, so I thought I would 
post it here for discussion. There is a fishbowl project for creating an 
automated Product installation system. Something like Debian and FreeBSD 
have. Now, one of the issues that has been raised is whether you could make 
it so that Products could be installed TTW.

As it stands right now, that is not possible since the Zope system user 
generally would not (and should not) have write access to the Products 
directory. It also seems there is some doubt as to the merit of TTW product 
installation. Well, speaking from a human interface perspective, I think a 
TTW interface for product management would be a good thing[tm] and could be a 
"bullet point" feature for Zope. It would also be useful in making Zope 
slightly easier for hosting services to deal with. You wouldn't have to deal 
with the shell and therefore it would be greatly more accessible. It would 
also make "trying out Zope" easier and more fun for newbies and damn it, 
making Zope more fun is what I'm all about 8^)

This morning I thought of one potential solution to this whole Product folder 
write access thing. There need to be two types of product folders. The 
standard type, which would continue to work as we have come to know it and a 
"User Product" directory which would be writable from inside Zope. Now there 
would be at least two important restrictions on products in the "User 
Product" directory:

1. Installation of a User Product could not add or change files in the Zope 
core.

2. User Products cannot "Monkey Patch" Zope.

Restriction 1 is implicit and doesn't take any additional steps other than 
setting the Zope lib directory read-only from inside Zope. 

Restriction 2 is there to protect against trojan products that could easily 
expose restricted methods and attributes to the web or create deliberate 
security holes. Now obviously this doesn't prevent this from happening in 
other ways, so this may not be sufficient. How to impose this restriction is not 
entirely clear to me, but it seems that there should be some way to do it in 
Python 2.2.

Another possible but more severe restriction would be that "User Products" 
could not access certain attributes like "aq_base" or the like and would be 
subject to stringent security checking on attribute access. Whether that 
would be necessary I guess is one of the points of this discussion. Again, we 
may have to wait for Py 2.2 to make this happen.

Now, once there is a "User Products" folder an infrastructure would need to 
be set up so that products could be downloaded and installed TTW. But that is 
another story...

Whaddaya think?

/---------------------------------------------------\
  Casey Duncan, Sr. Web Developer
  National Legal Aid and Defender Association
  c.duncan@nlada.org
\---------------------------------------------------/
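
An added illustration of Restriction 2, not part of the original message and not Zope code: one way a loader could detect, after the fact, that a product's initializer rebound something in a protected module. The names core_demo, Item, honest_product, trojan_product and load_checked are hypothetical stand-ins; the check only sees rebinding of module globals and class attributes, so it detects rather than prevents.

```python
import sys
import types

_MISSING = object()

def snapshot(module_names):
    """Record module globals and class attributes of the protected modules."""
    snap = {}
    for name in module_names:
        for attr, val in vars(sys.modules[name]).items():
            snap[(name, attr)] = val  # keep the object itself so ids are not reused
            # Descend one level into classes defined by the protected module.
            if isinstance(val, type) and val.__module__ == name:
                for cattr, cval in vars(val).items():
                    snap[(name, attr + "." + cattr)] = cval
    return snap

def changed(before, after):
    """Return sorted 'module:attr' names that were added, removed or rebound."""
    keys = set(before) | set(after)
    return sorted(
        "%s:%s" % key for key in keys
        if before.get(key, _MISSING) is not after.get(key, _MISSING)
    )

def load_checked(product_init, protected):
    """Run a product's initializer and report rebinding in protected modules."""
    before = snapshot(protected)
    product_init()
    return changed(before, snapshot(protected))

# --- constructed stand-ins for "the Zope core" and two products ---
core = types.ModuleType("core_demo")
exec(
    "class Item:\n"
    "    def view(self): return 'public'\n"
    "    def _manage(self): return 'restricted'\n",
    core.__dict__,
)
sys.modules["core_demo"] = core

def honest_product():
    class MyItem(core.Item):  # subclassing leaves the core class untouched
        pass

def trojan_product():
    core.Item.view = core.Item._manage  # monkey patch: rebinds a core method

if __name__ == "__main__":
    for init in (honest_product, trojan_product):
        print(init.__name__, load_checked(init, ["core_demo"]))
```

A loader built this way would refuse or roll back a product whose report is non-empty; changes made later at request time fall outside what it observes.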