[Zope-dev] .zexp Security Concerns

Shane Hathaway shane@digicool.com
Tue, 08 Aug 2000 09:48:33 -0400


Chris Withers wrote:
> A few people have recently been asking about the ability to import
> .zexp's into the FreeZope accounts NIP offers.
> 
> This is something we'd like to offer but need to understand the security
> risks first. IIRC, the reason why import is not available straight
> 'through the web' is that there are security implications.
> 
> Could someone run these by me again...

Simple: it's wildly unpredictable what people would be able to do.

With a .zexp it's possible to instantiate any Python class including
system classes.  But it's not possible to include actual code.  So
there would probably be a way to access any readable file from the
filesystem, shut down Zope, rewrite or remove all content from Data.fs,
and maybe even get root by restarting in some strange way, but it would
all have to be done in a *really* clever way.  That's just the kind of
challenge intruders crave.

I don't want to have to deal with that, do you?

Shane
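
As an added illustration of the point in the message above (not code from the thread or from Zope): assuming the object records in an export are Python pickles, as they are in ZODB, this sketch lists the classes a pickle would instantiate without loading it and refuses anything outside an allow-list. `ALLOWED`, `referenced_classes`, `AllowListUnpickler`, `safe_import` and the sample data are hypothetical names and values constructed for this example.

```python
import io
import pickle
import pickletools
from collections import OrderedDict
from fractions import Fraction

# Hypothetical allow-list: the only (module, class) pairs an import may create.
ALLOWED = {("collections", "OrderedDict")}

def referenced_classes(data):
    """Return the (module, name) pairs a pickle would import, without loading it."""
    found = []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name == "GLOBAL":           # arg is "module name"
            found.append(tuple(arg.split(" ", 1)))
        elif opcode.name == "STACK_GLOBAL":   # names are taken from the stack
            found.append(("?", "?"))          # unresolved here, so never allowed
    return found

class AllowListUnpickler(pickle.Unpickler):
    """Enforces the same allow-list at load time."""
    def find_class(self, module, name):
        if (module, name) not in ALLOWED:
            raise pickle.UnpicklingError(f"{module}.{name} is not allowed")
        return super().find_class(module, name)

def safe_import(data):
    """Scan first, then load with the restricted unpickler."""
    rejected = [c for c in referenced_classes(data) if c not in ALLOWED]
    if rejected:
        raise pickle.UnpicklingError(f"refused classes: {rejected}")
    return AllowListUnpickler(io.BytesIO(data)).load()

# Constructed samples: Fraction is a harmless stand-in for an unexpected class.
SAMPLE_OK = pickle.dumps(OrderedDict(title="index"), protocol=2, fix_imports=False)
SAMPLE_BAD = pickle.dumps(Fraction(1, 2), protocol=2, fix_imports=False)

if __name__ == "__main__":
    print(referenced_classes(SAMPLE_OK), safe_import(SAMPLE_OK))
    print(referenced_classes(SAMPLE_BAD))
    try:
        safe_import(SAMPLE_BAD)
    except pickle.UnpicklingError as exc:
        print("import blocked:", exc)
```

An allow-list of this kind only limits which classes get created; it says nothing about what an allowed class does with attacker-chosen state, so the list has to be kept to classes whose behaviour on arbitrary attributes is understood.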