[Zope-Coders] Re: [Zope-Checkins] CVS: Zope/lib/python/AccessControl - ZopeGuards.py:1.13

Chris Withers chrisw@nipltd.com
Tue, 17 Dec 2002 18:40:56 +0000


Shane Hathaway wrote:
> 
> Chris, this opens a security hole.  

How so?

> You must be careful not to allow 
> arbitrary imports, even if the attempt would later result in an 
> Unauthorized error, because importing a module may have undesirable side 
> effects.

But surely you'd have to get the module onto the filesystem in order for it to 
be importable? AFAIR, all bets are off once you can put code onto the filesystem 
and so for a security hole to be opened by this code, your system would have to 
be badly compromised anyway...

That said, if you can provide a better solution to the problem, I'm all ears :-)

cheers,

Chris
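
The ordering issue Shane raises, as an added example that is not part of the original thread and is not Zope's code: a module's body runs at import time, so a guard that imports first and raises afterwards has already let that body execute. The `Unauthorized` class, the `ALLOWED` set, the two guard functions and the `sidefx_demo` module are all hypothetical names constructed for this illustration.

```python
import importlib
import os
import sys
import tempfile

class Unauthorized(Exception):
    """Stand-in for an authorization error (hypothetical, defined here)."""

ALLOWED = {"string", "math"}  # constructed allow-list, an assumption

def import_then_check(name):
    # Weak ordering: the module body runs before the policy is consulted.
    module = importlib.import_module(name)
    if name not in ALLOWED:
        raise Unauthorized(name)
    return module

def check_then_import(name):
    # Safer ordering: refuse before any module-level code can execute.
    if name not in ALLOWED:
        raise Unauthorized(name)
    return importlib.import_module(name)

def demo():
    """Return {guard name: did the refused module's body run?}."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed module whose import has a visible side effect.
        with open(os.path.join(tmp, "sidefx_demo.py"), "w") as fh:
            fh.write("import sys\nsys.sidefx_demo_ran = True\n")
        sys.path.insert(0, tmp)
        try:
            for guard in (check_then_import, import_then_check):
                sys.modules.pop("sidefx_demo", None)  # force a fresh import
                sys.sidefx_demo_ran = False
                try:
                    guard("sidefx_demo")
                except Unauthorized:
                    pass  # both guards refuse; only the side effect differs
                results[guard.__name__] = sys.sidefx_demo_ran
        finally:
            sys.path.remove(tmp)
            sys.modules.pop("sidefx_demo", None)
            del sys.sidefx_demo_ran
    return results

if __name__ == "__main__":
    print(demo())
```

Both guards end in `Unauthorized` for the disallowed module, so the difference is visible only in whether the module's top-level code ran.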