Hi again,

the 0.2 version of the Zope Shell is online at:

http://cortex.unice.fr/~jerome/zshell/

New features:

* bug corrections
* a better whoami, thanks to Peter Bengtsson
* wget now works and allows you to suck websites (not recursively yet) and put them into the ZODB.

enjoy !

Jerome Alet - alet@unice.fr
Something that is dangerous about this script is that it does no security checking at all. Any one user with access to the shell is essentially promoted to a superuser through the shell. It would not be difficult for you to add security checkpoints to your code using the explicit SecurityManager API documented in the developer's guide.

http://sourceforge.net/projects/zope-devel/

-Michel

On Fri, 4 May 2001, Jerome Alet wrote:
Hi again,
the 0.2 version of the Zope Shell is online at:
http://cortex.unice.fr/~jerome/zshell/
New features:
* bug corrections
* a better whoami, thanks to Peter Bengtsson
* wget now works and allows you to suck websites (not recursively yet) and put them into the ZODB.
enjoy !
Jerome Alet - alet@unice.fr
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
On Fri, May 04, 2001 at 05:17:55PM -0700, Michel Pelletier wrote:
Something that is dangerous about this script is that it does no security checking at all. Any one user with access to the shell is essentially promoted to a superuser through the shell. It would not be difficult for you to add security checkpoints to your code using the explicit SecurityManager API documented in the developer's guide.
I'll look into that, but this isn't a priority yet. I prefer to have something which provides more commands quickly, and look at other aspects later. I've only used it as a Manager, however, but I thought that the underlying security would be taken care of by Zope itself when calling dangerous methods (like manage_delObjects for example) as a non-Manager user. Am I wrong?

bye,

Jerome Alet
Michel Pelletier wrote:
Something that is dangerous about this script is that it does no security checking at all. Any one user with access to the shell is essentially promoted to a superuser through the shell. It would not be difficult for you to add security checkpoints to your code using the explicit SecurityManager API documented in the developer's guide.
It claims that "This Project Has Not Released Any Files". Does it mean that I am supposed to get stuff from CVS?

------------------
Hannu
On Sat, May 05, 2001 at 02:31:14PM +0200, Hannu Krosing wrote:
Michel Pelletier wrote:
Something that is dangerous about this script is that it does no security checking at all. Any one user with access to the shell is essentially promoted to a superuser through the shell. It would not be difficult for you to add security checkpoints to your code using the explicit SecurityManager API documented in the developer's guide.
It claims that "This Project Has Not Released Any Files".
Does it mean that I am supposed to get stuff from CVS ?
I've just seen the same message, so I've browsed the files with cvsweb, and now I better understand Michel's concerns: it seems as if External Methods run completely unrestricted by default, which I ignored until I read this document.

bye,

Jerome Alet
From: "Jerome Alet" <alet@unice.fr>
I've just seen the same message, so I've browsed the files with cvsweb, and now I better understand Michel's concerns: it seems as if External Methods run completely unrestricted by default, which I ignored until I read this document.
...and what of Scripts (Python)? Do they inherit the Zope permissions model?

Security should be addressed. I suppose one could extend 'External Methods' to create 'External Zshell Methods'.

But Jerome, please don't let this slow you down writing Zshell functions now. Let's just agree that Zshell is a really powerful, essential Zope tool. An important concept which definitely needs developing. And it assumes greater responsibility than the default TTW interface, and wears a large sysadmin warning label!

I have been using the ZJavatelnetSSH Product quite often recently for the sheer convenience of remote Zope sysadmin.

http://dev.zope.org/Members/dshaw/ZJavaTelnetSSH

Webmin is another tool..

http://www.webmin.com/webmin/

How safe | how dangerous?? I really don't see the difference. What am I missing?

./Jason

___________________________________________________________
Jason CUNLIFFE = NOMADICS['Interactive Art and Technology']
On Sat, 5 May 2001, Jason Cunliffe wrote:
From: "Jerome Alet" <alet@unice.fr>
I've just seen the same message, so I've browsed the files with cvsweb, and now I better understand Michel's concerns: it seems as if External Methods run completely unrestricted by default, which I ignored until I read this document.
...and what of Scripts (Python)? Do they inherit the Zope permissions model?
Yes. This comes at the cost of a small performance hit compared to external methods. My concern with ZShell is that as soon as your execution crosses the boundary between Zope and an external method, all security checks stop. So yes, Zope will restrict 'Bob' from running the ZShell external method if he does not have the 'Use External Methods' permission, but if he *does* have the right permission, then no other permissions matter, because ZShell circumvents them.
Security should be addressed.
Absolutely!
I suppose one could extend 'External Methods' to create 'External Zshell Methods'.
This won't help, as I said, as soon as a user has that one permission, they circumvent all of them.
But Jerome please don't let this slow you down writing Zshell functions now. Let's just agree that Zshell is a really powerful Essential Zope tool. An important concept which definitely needs developing. And it assumes greater responsibility than the default TTW interface, and wears a large sysadmin warning label!
Oh yes, don't take my warning as a discouragement, please continue. I just wanted to make sure everyone was aware of the security issues.
I have been using the ZJavatelnetSSH Product quite often recently for the sheer convenience of remote Zope sysadmin. http://dev.zope.org/Members/dshaw/ZJavaTelnetSSH
Yeah, that's a really cool product that shows off some pretty amazing Java/ZClass integration.

-Michel
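An added example of the checkpoint Michel describes above (it is not ZShell's code, nor anything posted in this thread). Zope decides whether Bob may invoke the External Method at all and then checks nothing inside it, so the method has to consult the security manager itself before acting on the ZODB for him. The shell-style functions, FakeContainer and FakeSecurityManager are this example's own constructions so that it runs outside a Zope process; the Zope calls it wraps (AccessControl.getSecurityManager, checkPermission, AccessControl.Unauthorized, objectIds, manage_delObjects and the two permission names) are real Zope 2 APIs.

```python
"""Added example for the ZShell thread; not code from ZShell or from Zope.

Zope checks whether the caller may invoke the External Method, then checks
nothing inside it. An External Method that touches the ZODB on the caller's
behalf must therefore ask the security manager itself. Function names,
FakeContainer and FakeSecurityManager are this example's own constructions.
"""

try:
    from AccessControl import getSecurityManager, Unauthorized
except ImportError:  # not running inside Zope (e.g. this stand-alone demo)
    getSecurityManager = None

    class Unauthorized(Exception):
        """Stand-in for AccessControl.Unauthorized outside Zope."""

# Zope's own permission names guarding the two ObjectManager methods used below.
ACCESS_CONTENTS = 'Access contents information'   # objectIds()
DELETE_OBJECTS = 'Delete objects'                 # manage_delObjects()


def _manager(sm):
    """Return the security manager to consult: the one passed in, or the
    manager of the current request when running inside Zope."""
    if sm is not None:
        return sm
    if getSecurityManager is None:
        raise RuntimeError('not inside Zope: pass a security manager as sm=')
    return getSecurityManager()


def require(permission, obj, sm=None):
    """Raise Unauthorized unless the calling user holds `permission` on `obj`."""
    if not _manager(sm).checkPermission(permission, obj):
        raise Unauthorized('%s required on %r' % (permission, obj))


def rm_unchecked(container, ids):
    """What an unguarded shell command does: whoever may run the External
    Method deletes anything, whatever their other permissions."""
    container.manage_delObjects(list(ids))


def ls(container, sm=None):
    """Guarded listing: the same check Zope applies to a Python Script."""
    require(ACCESS_CONTENTS, container, sm)
    return container.objectIds()


def rm(container, ids, sm=None):
    """Guarded delete: refuse before the ZODB is touched."""
    require(DELETE_OBJECTS, container, sm)
    container.manage_delObjects(list(ids))


class FakeContainer:
    """Constructed stand-in for a Zope folder (ObjectManager)."""
    def __init__(self, ids):
        self._ids = list(ids)

    def objectIds(self):
        return list(self._ids)

    def manage_delObjects(self, ids):
        for oid in ids:
            self._ids.remove(oid)


class FakeSecurityManager:
    """Constructed stand-in for Zope's SecurityManager: a fixed set of
    permissions granted to one user, ignoring the object argument."""
    def __init__(self, granted):
        self._granted = frozenset(granted)

    def checkPermission(self, permission, obj):
        return permission in self._granted


def demo():
    """Bob may read the folder but not delete from it; report what each
    command let him do."""
    folder = FakeContainer(['index_html', 'logo.gif'])
    bob = FakeSecurityManager([ACCESS_CONTENTS])
    out = {'ls': ls(folder, sm=bob)}
    try:
        rm(folder, ['logo.gif'], sm=bob)
        out['rm'] = 'allowed'
    except Unauthorized:
        out['rm'] = 'denied'
    out['after_rm'] = folder.objectIds()
    rm_unchecked(folder, ['logo.gif'])      # no check: the delete goes through
    out['after_rm_unchecked'] = folder.objectIds()
    return out


if __name__ == '__main__':
    for key, value in demo().items():
        print('%-18s %s' % (key, value))
```

Inside Zope the `sm` argument is left out and `getSecurityManager()` supplies the manager for the current request, so `Unauthorized` propagates to the publisher as it would from a Python Script. The check is made against the container because that is the object whose `manage_delObjects` Zope protects with 'Delete objects'; a shell with more commands would map each command to the permission that guards the manage_* method it calls.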