[Zope] LocalFS Security

Jonathan Stoneman Jonathan.Stoneman@ftech.net
Wed, 9 Oct 2002 10:47:32 +0100


> Jonathan Stoneman wrote:
> > Hi,
> >
> > We have a Zope server that our customers can have space on.  We
> > provide them with a folder containing a User Folder which contains
> > their user.  They can then do whatever they want within this space.
> > We do not want to place any unnecessary limitations on what they
> > can do.
> >
> > The problem is that we want to install the LocalFS product on the
> > server.  If the customers have permissions that allow them to create
> > or edit LocalFS objects, then they can access any part of the local
> > file system that the Zope user can.
> >
> > We can stop them from creating and editing LocalFS objects by
> > removing the Add Local File Systems and Change Local File System
> > Properties permissions from their roles in the root folder.  The
> > customers would then have to contact us to have a LocalFS object
> > created or edited but this would be an acceptable solution.
> >
> > The problem with this solution is that they can change the role that
> > their user has, or change the permissions of their folder.  Either
> > way they can get permission to create / edit LocalFS objects.  We
> > could stop them from doing this by taking away their Manage Users
> > and Change Permissions permissions, but this is not really
> > acceptable.
> >
> > Is there any other way that we can install the LocalFS product and
> > stop users from creating / editing instances of that object?
> >
> >
> > Thanks... JOn
>
> How about modifying the localfs product to not allow arbitrary paths?
> Like always prepending /home/yourlocaluseraccount/ to what they type in,
> this is the simplest method coming to my mind. Others involve chroots and
> such stuff which will get very nasty.
> But you'll have to seriously think about it, because you'll have to
> prevent the user from configuring LocalFS with ../../../etc/passwd and
> that stuff.
> Maybe filtering out '..' should do it?
>
> HTH,
> oliver

Thanks for your help, I had actually considered doing this, but was
hoping there was a simple way of doing it that I had missed.

Time to start looking at the LocalFS source then..  :)


Thanks again... JOn.


--
Jonathan Stoneman - Programmer - Frontier Internet Services Limited
Tel: 02920 820045 Fax: 02920 820038 http://www.frontier.net.uk
All statements made are subject to Frontier's Terms and Conditions
of Business which are available upon request.
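
The restriction discussed in this thread (prepend a per-customer base directory and keep '..' from climbing out of it), as an added Python example that is not part of the original messages or of the LocalFS source. It checks the resolved path for containment instead of filtering the string, which goes slightly beyond the '..' case in the thread by also covering absolute input and symlinks; `confine`, `allowed`, `demo` and the directory layout are hypothetical names constructed for illustration.

```python
import os
import tempfile


class PathOutsideBase(ValueError):
    """The requested path resolves outside the customer's base directory."""


def confine(base, user_path):
    """Map user_path under base; return the resolved path or raise."""
    if "\0" in user_path:
        raise PathOutsideBase("NUL byte in path")
    base_real = os.path.realpath(base)
    # Treat absolute input as relative to base ("always prepending").
    joined = os.path.join(base_real, user_path.lstrip("/\\"))
    # realpath collapses '..' and follows symlinks, so the comparison is
    # made on the location the filesystem would actually open.
    resolved = os.path.realpath(joined)
    if os.path.commonpath([base_real, resolved]) != base_real:
        raise PathOutsideBase("%r escapes %r" % (user_path, base_real))
    return resolved


def allowed(base, user_path):
    """True if user_path stays inside base, False otherwise."""
    try:
        confine(base, user_path)
        return True
    except PathOutsideBase:
        return False


def demo():
    """Constructed layout: <tmp>/home/customer1 is the base, <tmp>/secret is not."""
    samples = ["docs", "docs/../docs", "/docs", "my..notes",
               "../../secret", "docs/../../../secret", "link"]
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.join(tmp, "home", "customer1")
        os.makedirs(os.path.join(base, "docs"))
        os.makedirs(os.path.join(tmp, "secret"))
        # A symlink inside the base that points outside it.
        os.symlink(os.path.join(tmp, "secret"), os.path.join(base, "link"))
        return {p: allowed(base, p) for p in samples}


if __name__ == "__main__":
    for path, ok in demo().items():
        print("%-24s %s" % (path, "allowed" if ok else "rejected"))
```

The result reflects the filesystem at the moment of the call, so the check belongs on every access and not only where the LocalFS base path is configured.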