On Mon, Jul 5, 2010 at 12:57 PM, Shane Hathaway <shane@hathawaymix.org> wrote:
On 07/02/2010 11:49 AM, Tres Seaver wrote:
Jim has asserted (but not really explained) that the C extension closes some kind of security hole. I don't see any credible attack vector myself, but then I no longer believe it worthwhile to devote my own energy to defending against malicious TTW programmers.
FWIW, I imagine the problem is that zope.security treats zope.i18nmessageid as a rock, so if the implementation is in Python, it probably allows untrusted code to do this:
>>> msg.__setattr__.im_func.func_globals['__builtins__']['__import__'] <built-in function __import__>
I suggest the bug is in zope.security, which should never allow a type written in Python to be a rock.
Although I wouldn't go so far as calling this a "bug", I like the idea of deciding whether to treat message ids as rocks depending on whether we're using the C implementation or not. Jim -- Jim Fulton