[Zope] LocalFS Security

Oliver Bleutgen myzope@gmx.net
Wed, 09 Oct 2002 11:22:03 +0200


Jonathan Stoneman wrote:
> Hi,
> 
> We have a Zope server that our customers can have space on.  We 
> provide them with a folder containing a User Folder which contains
> their user.  They can then do whatever they want within this space.
> We do not want to place any unnecessary limitations on what they
> can do.
> 
> The problem is that we want to install the LocalFS product on the 
> server.  If the customers have permissions that allow them to create
> or edit LocalFS objects, then they can access any part of the local
> file system that the zope user can.  
> 
> We can stop them from creating and editing LocalFS objects by 
> removing the Add Local File Systems and Change Local File System 
> Properties permissions from their roles in the root folder.  The 
> customers would then have to contact us to have a LocalFS object 
> created or edited but this would be an acceptable solution.
> 
> The problem with this solution is that they can change the role that 
> their user has, or change the permissions of their folder.  Either 
> way they can get permission to create / edit LocalFS objects.  We 
> could stop them from doing this by taking away their Manage Users 
> and Change Permissions permissions, but this is not really 
> acceptable.
> 
> Is there any other way that we can install the LocalFS product and
> stop users from creating / editing instances of that object?
> 
> 
> Thanks... Jon

How about modifying the LocalFS product to not allow arbitrary paths?
Like always prepending /home/yourlocaluseraccount/ to what they type in; 
this is the simplest method that comes to my mind. Others involve chroots 
and such stuff, which will get very nasty.
But you'll have to seriously think about it, because you'll have to 
prevent the user from configuring LocalFS with ../../../etc/passwd and 
that stuff.
Maybe filtering out '..' should do it?

HTH,
oliver
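The path confinement Oliver sketches (always prepending a base directory, and keeping '..' from escaping it), as an added Python example that is not part of LocalFS or of the original thread; BASE_DIR, confine_path, confine_existing_path and symlink_escape_is_rejected are names made up here. It goes one step beyond the mail by collapsing '..' with normpath instead of string filtering and by resolving symlinks with realpath, since a link inside the base directory can point back out of it.

```python
import os
import posixpath
import tempfile

# Constructed base directory for this example; the mail proposes prepending
# /home/yourlocaluseraccount/ to whatever a customer types into LocalFS.
BASE_DIR = "/home/yourlocaluseraccount"


def confine_path(user_input, base_dir=BASE_DIR):
    """Lexically confine user_input below base_dir (base_dir must not be '/').

    The input is treated as relative to base_dir (leading '/' stripped), then
    '.' and '..' segments are collapsed with normpath rather than by hunting
    for the literal string '..'. The result is accepted only if it is base_dir
    itself or lies strictly below it; otherwise None is returned.
    """
    base = posixpath.normpath(base_dir)
    candidate = posixpath.normpath(posixpath.join(base, user_input.lstrip("/")))
    if candidate == base or candidate.startswith(base + "/"):
        return candidate
    return None


def confine_existing_path(user_input, base_dir):
    """Confine against the real filesystem, following symlinks.

    A lexical check cannot see a symlink inside base_dir that points outside
    it, so for directories that exist the resolved locations are compared too.
    """
    candidate = confine_path(user_input, base_dir)
    if candidate is None:
        return None
    real_base = os.path.realpath(base_dir)
    real_candidate = os.path.realpath(candidate)
    if real_candidate == real_base or real_candidate.startswith(real_base + os.sep):
        return real_candidate
    return None


def symlink_escape_is_rejected():
    """Constructed scenario: a scratch base dir holding a symlink that points
    one level above it. True if the lexical check alone would accept the path
    while the resolved check rejects it."""
    base = tempfile.mkdtemp()
    os.symlink(os.path.dirname(base), os.path.join(base, "escape"))
    lexical = confine_path("escape/secret", base)
    resolved = confine_existing_path("escape/secret", base)
    return lexical is not None and resolved is None
```

The prefix comparison uses base + "/" so that a sibling such as /home/yourlocaluseraccount2 is not mistaken for a child of the base directory.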