[Zope-dev] Re: Puzzling change to guarded_getitem in Zope 2.8

Tres Seaver tseaver at palladion.com
Fri Aug 26 10:32:58 EDT 2005 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Richard Jones wrote:
> On Fri, 26 Aug 2005 10:00 am, Richard Jones wrote:
> 
>>I'm migrating our 2.7-developed Product to 2.8. The following change has me
>>puzzled. In 2.7,  AccessControl.ZopeGuards guarded_getitem has the
>>following code:
> 
> 
> OK, Tres made the change, with the relevant bit of the log message being:
> 
>     Iteration over sequences could in some cases fail to check access
>     to an object obtained from the sequence. Subsequent checks (such
>     as for attributes access) of such an object would still be
>     performed, but it should not have been possible to obtain the
>     object in the first place.
> 
>     List and dictionary instance methods such as the get method of
>     dictionary objects were not security aware and could return an
>     object without checking access to that object. Subsequent checks
>     (such as for attributes access) of such an object would still be
>     performed, but it should not have been possible to obtain the
>     object in the first place.
> 
> So I presume that the change *intended* to move the onus of validation from 
> the guarded_getitem method to the __getitem__ method of the container? No 
> more trusted access to custom (ie. not builtin) sequence/mapping objects?

Disclaimer:  while I committed those changes, they were the result of a
month-long audit by most of ZC's staff in December 2003;  my memory of
the rationale for each change is thus extra suspect.

IIRC, the decision was that the ability to enforce access based on key
(rather than attribute name) was an accidental artifact;  further, that
passing the key as 'name' to validate caused a bunch of other weird side
effects, which all went away if we passed 'None', as originally intended
for checks on __getitme__.


Tres.
- --
===================================================================
Tres Seaver          +1 202-558-7113          tseaver at palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDDyga+gerLs4ltQ4RAroRAJ0QQKNFCpFxQHD7NPYokToMTY2h9ACg00zs
4i3Z1kTEzg29apTS2iPpFfk=
=NrGV
-----END PGP SIGNATURE-----

More information about the Zope-Dev mailing list