[Zope] External Methods, Proxy Roles, and Executable Security

Jens Vagelpohl jens at dataflake.org
Tue Nov 22 15:51:25 EST 2005


On 22 Nov 2005, at 20:08, Dieter Maurer wrote:
> You have lost the thread's start:
>
>   George's problem has been that he could not move an object
>   in an *EXTERNAL METHOD*, i.e. in trusted filesystem code.
>
>   He would have the same problem in a filesystem product.
>
>   The problem is that "CopySupport" performs a local security
>   check (in "_verifyObjectPaste") independent from its caller
>   (it does not matter whether the rename/move/copy was
>   called from trusted or untrusted code).
>
>   With appropriate proxy roles, an untrusted Python Script can  
> perform some
>   rename/move/copy that trusted code is unable to perform.
>
> I assume you can agree that this is a somewhat unsane situation...

Yes, that's very odd...  thanks for reminding me of the thread's start!

jens



More information about the Zope mailing list