22 Nov
2005
22 Nov
'05
8:51 p.m.
On 22 Nov 2005, at 20:08, Dieter Maurer wrote:
You have lost the thread's start:
George's problem has been that he could not move an object in an *EXTERNAL METHOD*, i.e. in trusted filesystem code.
He would have the same problem in a filesystem product.
The problem is that "CopySupport" performs a local security check (in "_verifyObjectPaste") independent from its caller (it does not matter whether the rename/move/copy was called from trusted or untrusted code).
With appropriate proxy roles, an untrusted Python Script can perform some rename/move/copy that trusted code is unable to perform.
I assume you can agree that this is a somewhat unsane situation...
Yes, that's very odd... thanks for reminding me of the thread's start! jens