[Zope-Checkins] CVS: Zope/doc - CHANGES.txt:1.535.2.159

Tres Seaver tseaver at zope.com
Thu Jan 8 15:54:18 EST 2004


Update of /cvs-repository/Zope/doc
In directory cvs.zope.org:/tmp/cvs-serv4625/doc

Modified Files:
      Tag: Zope-2_6-branch
	CHANGES.txt 
Log Message:


  - Some improper security assertions on DTMLDocument objects could 
    potentially allow access to members that should be protected.


=== Zope/doc/CHANGES.txt 1.535.2.158 => 1.535.2.159 ===
--- Zope/doc/CHANGES.txt:1.535.2.158	Thu Jan  8 15:47:21 2004
+++ Zope/doc/CHANGES.txt	Thu Jan  8 15:53:47 2004
@@ -8,6 +8,16 @@
 
     Bugs Fixed
 
+     - Some improper security assertions on DTMLDocument objects could 
+       potentially allow access to members that should be protected.
+
+     - Class security was not properly intialized for PythonScripts, 
+       potentially allowing access to variables that should be protected. 
+       It turned out that most of the security assertions were in fact 
+       activated as a side effect of other code, but this fix is still 
+       appropriate to ensure that all security declarations are properly 
+       applied.
+
      - The dtml-tree tag used an "eval" of user-supplied data; its 
        efforts to prevent abuse were ineffective.
 
@@ -31,39 +41,34 @@
        a script to potentially access those objects without ensuring the 
        necessary permissions on the part of the executing user.
 
-     - Enforce new restrictions on untrusted code, identified during
-       the December 2003 security audit:
-
-       o Iteration over sequences could in some cases fail to check access 
-         to an object obtained from the sequence. Subsequent checks (such 
-         as for attributes access) of such an object would still be 
-         performed, but it should not have been possible to obtain the 
-         object in the first place.
-
-       o List and dictionary instance methods such as the get method of 
-         dictionary objects were not security aware and could return an 
-         object without checking access to that object. Subsequent checks 
-         (such as for attributes access) of such an object would still be 
-         performed, but it should not have been possible to obtain the 
-         object in the first place.
-
-       o Use of 'import as. in Python scripts could potentially rebind 
-         names in ways that could be used to avoid appropriate security 
-         checks.
-
-       o A number of newer built-ins (min, max, enumerate, iter, sum)
-         were either unavailable in untrusted code or did not perform
-         adequate security checking.
-
-       o Unpacking via function calls, variable assignment, exception 
-         variables and other contexts did not perform adequate security 
-         checks, potentially allowing access to objects that should have 
-         been protected.
-
-       o DTMLMethods with proxy rights could incorrectly transfer those 
-         rights via acquisition when traversing to a parent object.
+     - Iteration over sequences could in some cases fail to check access 
+       to an object obtained from the sequence. Subsequent checks (such 
+       as for attributes access) of such an object would still be 
+       performed, but it should not have been possible to obtain the 
+       object in the first place.
+
+     - List and dictionary instance methods such as the get method of 
+       dictionary objects were not security aware and could return an 
+       object without checking access to that object. Subsequent checks 
+       (such as for attributes access) of such an object would still be 
+       performed, but it should not have been possible to obtain the 
+       object in the first place.
+
+     - Use of 'import as. in Python scripts could potentially rebind 
+       names in ways that could be used to avoid appropriate security 
+       checks.
+
+     - A number of newer built-ins (min, max, enumerate, iter, sum)
+       were either unavailable in untrusted code or did not perform
+       adequate security checking.
+
+     - Unpacking via function calls, variable assignment, exception 
+       variables and other contexts did not perform adequate security 
+       checks, potentially allowing access to objects that should have 
+       been protected.
 
-     - PythonScript was missing its class initialization.
+     - DTMLMethods with proxy rights could incorrectly transfer those 
+       rights via acquisition when traversing to a parent object.
 
      - Backport Python 2.3 test fix to
        lib/python/Products/PluginIndexes/DateIndex:  deal with the fact




More information about the Zope-Checkins mailing list