[Zope] Security issue FIXED by installing VerboseSecurity?
Dennis Allison
allison at sumeru.stanford.EDU
Wed Mar 24 13:41:21 EST 2004
I don't think the verbose security product has yet been ported to 2.7.
On Wed, 24 Mar 2004, Milos Prudek wrote:
>
> I am trying to move my application from Zope 2.5 to Zope 2.7. There was
> the security audit, so problems are expected to crop up. But I stumbled
> across something inexplicable...
>
> Pretty innocent Python Script gives error "ValueError: unpack list of
> wrong size". To investigate the error, I installed VerboseSecurity. The
> error disappeared. I removed VerboseSecurity. Error appeared. I
> installed VerboseSecurity again. Error disappeared.
>
> How is this possible? I did not even set ZOPE_SECURITY_POLICY=PYTHON,
> because I was not sure if Zope 2.7 reads environment variables. Yet
> VerboseSecurity "fixed" the error. I don't like this kind of fix...
> especially since I do not understand it.
>
> Here's the script in question:
>
> Dct={}
> Dct['readers'] = context.readers+1
> context.propertysheets.data.manage_changeProperties(Dct)
>
> It's the third line that caused the error. This script runs "proxy
> Manager" because it updates a property even if the user is not the owner
> of the ZClass instance that this script belongs to.
>
> Here's the traceback:
>
> Traceback (innermost last):
>
> * Module ZPublisher.Publish, line 100, in publish
> * Module ZPublisher.mapply, line 88, in mapply
> * Module ZPublisher.Publish, line 40, in call_object
> * Module OFS.DTMLMethod, line 130, in __call__
> <DTMLMethod instance at 4187a320>
> URL:
> http://localhost:9080/choroby/ucho/skalni/obecne/1/index_html_top/manage_main
> Physical Path:/www.orl.cz/choroby/ucho/skalni/obecne/1/index_html_top
> * Module DocumentTemplate.DT_String, line 474, in __call__
> * Module Shared.DC.Scripts.Bindings, line 320, in
> __render_with_namespace__
> * Module Shared.DC.Scripts.Bindings, line 343, in _bindAndExec
> * Module Products.PythonScripts.PythonScript, line 318, in _exec
> * Module None, line 3, in inc_readers
> <PythonScript at
> /www.orl.cz/choroby/ucho/skalni/obecne/1/inc_readers>
> Line 3
> * Module AccessControl.Owned, line 123, in getWrappedOwner
>
> ValueError: unpack list of wrong size
>
> --
> Milos Prudek
> _________________
> Most websites are
> confused chintzy gaudy conflicting tacky unpleasant... unusable.
> Learn how usable YOUR website is! http://www.spoxdesign.com