[Zope] [ANN] zshell: The Zope Shell

Simon Michael simon@joyful.com
03 May 2001 12:31:18 -0700


Jerome Alet <alet@unice.fr> writes:
> I've just seen the access is now protected, it's a good idea else
> anyone could just do a: rm

editing the zshell script is protected, but running it isn't.  
I couldn't find a way to protect against executing zshell commands,
short of disabling all the lower-level permissions (such as object
deletion). 

"rm" & "rm *" don't work but "rm ." does. Zshell allows you to do so
much evil (as well as good) with so little effort, that I think it
would benefit from an extra permission.