On Tue, Mar 02, 1999 at 01:43:10PM -0600, Tres Seaver wrote:
I looked at the ExternalMethod source last night a bit: the actual method execution is done via an apply() call, after loading and compiling the code for the function. We might be able to come up with an alternate product which used a carefully tuned rexec() (Bastion? I plead ignorance), operating on Python code stored in the Zbase itself.
This was an idea I'd proffered, but honestly haven't looked at enough yet to know whether it would work... it SHOULD work, but it might require some modifications to the aquisition code, but I've not looked neough yet.
The particulars of my case are that the control structures of DTML are not quite powerful enough to accomplish my task; of course, strengthening them, even in a "sandbox" model, still leaves open the possibility for buggy/malicious code to do ugly things (like your example below).
Well, it might help if you offered what control strucuture you need, we might be able to come up wit han interim solution.
Actually, the possibility which seemed most interesting was Doug Wyatt's suggestion of "federating" a set of independent Zbases under one (at least apparently one) server. Then any damage my ExternalMethod did would be to the Zbase would be on my own head, at least. If that server were actually a process running as me, then standard system security procedures should probably be fine.
TO me this is just a hack to get around it near term, and doesn't fix the problem. Also if you have 100 users, do you have 100 instances of zope running under 1 ZServer? That sounds like a true administrative nightmare... And substantial overkill. Chris -- | Christopher Petrilli ``Television is bubble-gum for | petrilli@amber.org the mind.''-Frank Lloyd Wright