[Zope] super cannot do

ethan mindlace fremen mindlace@digicool.com
Tue, 05 Sep 2000 14:36:16 -0400


Chris McDonough wrote:
> 
> On Tue, 5 Sep 2000, Evan Simpson wrote:
> 
> > > I've got to say I agree with you here.  I'm still not 100% sure why the
> > > superuser or bootstrap user can't own anything.
> >
> > It's due to a combination of the trojan horse issue and the sticky
> > authentication issue, I think.  You really don't want to be authenticated as
> > super very often, because while you are, if you visit a page someone else
> > wrote, they can make your browser do evil things to your site.  This is also
> > true of Managers, but less so.  Similarly, a page owned by non-super has
> > tighter permissions than one owned by the super would.
> 
> Yes... the PDG security chapter has all of this in it, but it would seem
> that neither Chris W or I are completely satisfied by these answers.  :-)
> It seems a matter of diminishing returns, especially when newbies hit the
> wall during install, since we haven't provided them with an airbag yet.

I think this is exclusively because as of 2.2.1 objects execute according
to their ownership, not according to the permissions of the
AUTHENTICATED_USER.

Because of the widespread security implications of letting an object
that can be called by anyone have superuser permissions (which was not
possible under the prior regime), superuser can no longer own.

You can still get superuser-esque behavior by doing something in
external methods or some other mechanism that bypasses the security
machinery.

-- 
ethan mindlace fremen
Zopatista Community Liaison
Abnegate I!
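
A simplified model of the two regimes described in this thread, added here as an illustration; it is not part of the original message and is not Zope's own code. The class names, function names and permission sets are assumptions made for the example.

```python
# Simplified model of the two regimes discussed in the thread; not Zope code.
# All names here (User, Executable, run, set_owner, ...) are hypothetical.
from dataclasses import dataclass
from typing import Optional

ALL = frozenset({"View", "Change content", "Delete objects", "Manage users"})

@dataclass(frozen=True)
class User:
    name: str
    permissions: frozenset
    is_super: bool = False

@dataclass
class Executable:
    name: str
    wants: str                     # permission the object's code tries to use
    owner: Optional[User] = None

class Unauthorized(Exception):
    pass

def set_owner(obj, user):
    """Ownership rule from the thread: the superuser can no longer own."""
    if user.is_super:
        raise Unauthorized(f"{user.name} cannot own {obj.name}")
    obj.owner = user

def run(obj, caller, regime):
    """Return True if obj's code may use the permission it wants.

    regime "caller": rights come from the authenticated user (prior regime).
    regime "owner":  rights come from the object's owner (2.2.1 as described).
    """
    if regime == "caller":
        rights = caller.permissions
    elif regime == "owner":
        rights = obj.owner.permissions if obj.owner else frozenset()
    else:
        raise ValueError(regime)
    return obj.wants in rights

# Constructed sample principals and a page written by a low-privilege author.
superuser = User("super", ALL, is_super=True)
author = User("author", frozenset({"View", "Change content"}))
anonymous = User("anonymous", frozenset({"View"}))
page = Executable("page_by_author", wants="Manage users")
set_owner(page, author)
```

Calling `run(page, superuser, "caller")` is allowed, which is the trojan horse case from the quoted text, while `run(page, superuser, "owner")` is refused because the page is limited to its author's rights. An object owned by the superuser would pass the "owner" check for any caller, which is why `set_owner` rejects it.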