[Zope-Coders] Re: [Zope-Checkins] CVS: Zope/lib/python/AccessControl - ZopeGuards.py:1.13
Shane Hathaway
shane@zope.com
Tue, 17 Dec 2002 13:51:00 -0500
Chris Withers wrote:
> Shane Hathaway wrote:
>
>>
>> Chris, this opens a security hole.
>
>
> How so?
It is not safe to let untrusted users import arbitrary modules.
>> You must be careful not to allow arbitrary imports, even if the
>> attempt would later result in an Unauthorized error, because importing
>> a module may have undesirable side effects.
>
>
> But surely you'd have to get the module onto the filesystem in order for
> it to be importable? AFAIR, all bets are off once you can put code onto
> the filesystem and so for a security hole to be opened by this code,
> your system would have to be badly compromised anyway...
Not true. You need only import a module that has a side effect or which
assumes it runs only from the command line. You shouldn't put that much
trust in the entire Python library, Zope, and all common products.
> That said, if you can provide a better solution to the problem, I'm all
> ears :-)
I shouldn't work on this right now. Please revert the change, and we
can discuss a proper fix later.
Shane