[Zope] External Methods, Proxy Roles, and Executable Security
Jens Vagelpohl
jens at dataflake.org
Tue Nov 22 15:51:25 EST 2005
On 22 Nov 2005, at 20:08, Dieter Maurer wrote:
> You have lost the thread's start:
>
> George's problem has been that he could not move an object
> in an *EXTERNAL METHOD*, i.e. in trusted filesystem code.
>
> He would have the same problem in a filesystem product.
>
> The problem is that "CopySupport" performs a local security
> check (in "_verifyObjectPaste") independent from its caller
> (it does not matter whether the rename/move/copy was
> called from trusted or untrusted code).
>
> With appropriate proxy roles, an untrusted Python Script can
> perform some
> rename/move/copy that trusted code is unable to perform.
>
> I assume you can agree that this is a somewhat unsane situation...
Yes, that's very odd... thanks for reminding me of the thread's start!
jens
More information about the Zope
mailing list