On Thu, Nov 07, 2002 at 04:10:12PM +0000, Florent Guillaume wrote:
> I can't see the point of this. The whole point of having TTW python scripts is that they execute in a *restricted* environment, and thus pose no security problem. Your ZShellScripts are a gaping security hole, anyone gaining control of your Zope site (sniffing a password for instance) gains control of your whole machine.
Fine! You were the first! See: http://zope.nipltd.com/public/lists/zope-archive.nsf/47ba74c812dbc5dd8025687... especially my 5th paragraph :-)

Of course you're wrong. ZShellScripts actually support several languages:

- Python: should be exactly as safe as native Zope Python Scripts, since most of the code comes directly from Zope's PythonScript code.
- Lisp: runs in a restricted environment; the Lisp interpreter itself is written in Python.
- Zope ZShell: runs in a restricted environment (OK, this one is not yet fully included) similar to the ZShell standalone product, which checks permissions everywhere (or maybe almost everywhere, but I haven't received any message concerning security problems in a year and a half).
- Unix: runs in a "somewhat" restricted environment: in fact it runs as the user Zope is run as, which shouldn't be root (at least for me it's not root!).

Your claim of someone gaining full control of my machine is uninformed, at best.

OK, the code is not perfect yet, and the 0.2 and CVS versions almost certainly still have security problems, but personally I can't see the point of people constantly complaining. The fact is that both "Script (ZShell)" objects as well as "Shell (Unix)" objects have permissions which are (or will be) checked. You can expect them to be two times more safe then ;-)

As said in a previous message, just forbid people to add or use "Shell (Unix)" objects if you're afraid, and still use the rest if you want, because the execution delegation facility allows some parts of the product to be used independently of the others.

I think you should contribute some code or constructive bug report(s) instead of complaining.

Thanks in advance for your cooperation.

Jerome Alet