[Zope-dev] uuid.UUID as a rock in zope.security
Jim Fulton
jim at zope.com
Fri Apr 10 15:46:31 EDT 2009
On Apr 10, 2009, at 3:20 PM, Shane Hathaway wrote:
> Martijn Faassen wrote:
>> Stephan Richter wrote:
>>> On Friday 10 April 2009, Jim Fulton wrote:
>>>>> Unfortunately these are ZC's use cases.
>>>> They are not just ZC's use cases.
>>> Keas is relying on that safety heavily too. Anyone who wants to
>>> build a secure DSL based on Python really wants zope.security.
>>
>> Okay, second case of such usage noticed.
>>
>> One thing that worries me is that PyPy folks keep saying it probably
>> isn't really secure, though they refuse to specify why not when Chris
>> Withers tried to find out last year at EuroPython.
>
> I suspect that's because Python allows anything by default;
> zope.security and RestrictedPython only provide a way to close known
> holes.

Wrong in the case of zope.security. zope.security uses security
proxies that only allow what is specifically allowed and deny
everything else. Because zope.proxy is written in C, there's no way
to defeat it in Python.

The other potential holes I'm aware of are with:

- rocks, which I'm very conservative with, and

- __builtins__. You have to construct builtins very carefully, which
  we do and make sure you avoid certain problematic builtins, which we
  also do.

It's hard to guess what they might be referring to, since they don't
provide any specifics.

Jim
--
Jim Fulton
Zope Corporation
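
The default-deny policy and the role of "rocks" described in the message above, as an added example that is not part of the original post and is not zope.security's code: a simplified pure-Python model in which `Proxy`, `wrap`, `CHECKERS`, `ROCKS`, `Forbidden` and the `Account` sample are all hypothetical names. Unlike the C-implemented zope.proxy, a Python-level model does not hide the wrapped object from other Python code, so it shows the policy only.

```python
import types
import uuid

class Forbidden(AttributeError):
    """Raised for any name that is not explicitly allowed."""

# "Rocks": immutable value types returned unwrapped (list assumed for this demo).
ROCKS = {type(None), bool, int, float, str, bytes, uuid.UUID}

class Account:  # constructed sample object
    def __init__(self):
        self.id = uuid.UUID(int=1)
        self.owner = "alice"
        self.secret = "constructed-secret"
        self.history = []

    def balance(self):
        return 42

# Per-type allow-lists; a type with no entry gets an empty one (deny all).
CHECKERS = {
    Account: {"id", "owner", "history", "balance"},
    types.MethodType: {"__call__"},
}

class Proxy:
    __slots__ = ("_obj", "_allowed")

    def __init__(self, obj, allowed):
        object.__setattr__(self, "_obj", obj)
        object.__setattr__(self, "_allowed", frozenset(allowed))

    def __getattribute__(self, name):
        if name not in object.__getattribute__(self, "_allowed"):
            raise Forbidden(name)
        # Results are wrapped too, so access cannot escape through a return value.
        return wrap(getattr(object.__getattribute__(self, "_obj"), name))

    def __setattr__(self, name, value):
        raise Forbidden(name)

    def __call__(self, *args, **kwargs):
        if "__call__" not in object.__getattribute__(self, "_allowed"):
            raise Forbidden("__call__")
        return wrap(object.__getattribute__(self, "_obj")(*args, **kwargs))

def wrap(value):
    """Return rocks as-is; proxy everything else, matching on exact type."""
    if type(value) in ROCKS:
        return value
    return Proxy(value, CHECKERS.get(type(value), ()))
```

Because a rock leaves the proxy unwrapped, every attribute and method of that type becomes reachable, which is why adding a type such as `uuid.UUID` to the rock list is a decision to review carefully.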