Tres Seaver wrote:
Andreas Jung wrote:
--On 8 July 2006 07:45:01 -0400 Jim Fulton <[EMAIL PROTECTED]> wrote:
On Jul 8, 2006, at 1:11 AM, Andreas Jung wrote:
--On 7 July 2006 11:03:06 -0400 Jim Fulton <[EMAIL PROTECTED]> wrote:
I think we s
--On 9 July 2006 15:22:18 -0400 Tres Seaver <[EMAIL PROTECTED]> wrote:
I've written some tests (checked in on the trunk). They test the 'raw'
and 'include' directives
Great! Maybe we can add a similar set for the 'fmt="restructured-text"'
in DTML.
Yep, but I won't be able to do this over t
Andreas Jung wrote:
> --On 8 July 2006 07:45:01 -0400 Jim Fulton <[EMAIL PROTECTED]> wrote:
>> On Jul 8, 2006, at 1:11 AM, Andreas Jung wrote:
>>> --On 7 July 2006 11:03:06 -0400 Jim Fulton <[EMAIL PROTECTED]> wrote:
Tres Seaver wrote:
Another possible fix would be to patch docutils to make the
configuration directive for file inclusion disabled by default; that
would allow a trusted module to enable them for a given parse, without
exposing the feature for untrusted code.
Which should be how upstream docut
On Jul 9, 2006, at 10:47 AM, Andreas Jung wrote:
...
But that just illustrates that our current approach of "everyone is responsible for everything" or, cynically, "no one is responsible for anything" isn't working.
Isn't that the approach Zope has been working with for years?
Yes, but Zope
--On 9 July 2006 10:10:53 -0400 Jim Fulton <[EMAIL PROTECTED]> wrote:
That doesn't change the fact that when we found out about the threat
last fall, we didn't check all of the places in Zope where we were using
reST. You might say that this was because the person who did the hot
fix didn'
On Jul 9, 2006, at 9:43 AM, Tres Seaver wrote:
Jim Fulton wrote:
On Jul 8, 2006, at 3:40 PM, Tres Seaver wrote:
...
I'll note that tests wouldn't have helped here in the absence of a more careful security review of docutils: none of us was awa
Jim Fulton wrote:
> On Jul 8, 2006, at 3:40 PM, Tres Seaver wrote:
> ...
>> I'll note that tests wouldn't have helped here in the absence of a more
>> careful security review of docutils: none of us was aware of the 'raw'
>> directive as an attack
--On 9 July 2006 08:51:12 -0400 Jim Fulton <[EMAIL PROTECTED]> wrote:
We need a better chain of responsibility than that, especially when
there is a known security threat.
See above...it's not a question of general responsibility...it's a
question of taking over the responsibility for a
On Jul 8, 2006, at 5:38 PM, Tino Wildenhain wrote:
Jim Fulton wrote:
...
You mean auditing. Testing would not help imho. Testing
only checks if expected behavior still works. And nobody
expects the Spanish Inquisition *wink* ;)
You can test that trying to do file inclusion fails.
For exa
On Jul 8, 2006, at 3:51 PM, [EMAIL PROTECTED] wrote:
...
This time, I am on your side, Andreas :-)
I agree with you that a feature ("file/url" inclusion code)
physically removed from the shipped code can be considered no longer
causing security risks -- even without extensive tests.
Your rece
On Jul 8, 2006, at 3:40 PM, Tres Seaver wrote:
...
I'll note that tests wouldn't have helped here in the absence of a more careful security review of docutils: none of us was aware of the 'raw' directive as an attack vector for file inclusion until you mentioned it the other day.
Except
On Jul 8, 2006, at 3:34 PM, Tres Seaver wrote:
...
The monkeypatch in the hotfix *might* be defeated that way, sure. The updated version of docutils I checked in will *not*, because it disables file inclusion inside the source of the dangerous handlers.
Another possible fix would be to p
On Jul 8, 2006, at 3:27 PM, Andreas Jung wrote:
--On 8 July 2006 15:05:21 -0400 Jim Fulton <[EMAIL PROTECTED]> wrote:
I think this applies here as well.
1. ZClasses are not a security threat. reST is. That's a huge difference.
Being a security threat or not ...how will you prove tha
On Jul 8, 2006, at 3:06 PM, Andreas Jung wrote:
No, it is not. I haven't worked on the hotfix...so why would it be up to me to write tests?
It's not. The person who *did* write the hot-fix didn't want the
feature in the first place. Tres stepped up and helped us in an
emergency. I imagine
--On 9 July 2006 12:29:24 +0200 Willi Langenberger <[EMAIL PROTECTED]> wrote:
@Tres: what is the reason to keep the 'raw' code in docutils? I am in
favor of removing it and replacing it with a NotImplementedError exception
(same as for the 'include' code). The related tests (for
reStruc
According to Andreas Jung:
> >> Tres' patch is looking fine to me. I don't see a need right now
> >> for dropping reST with having file inclusion *removed*.
> >
> > Has anyone written tests for Tres' patch? Apparently no one wrote
> > adequate tests for the last hot fix, which helped put us in
The Buildbot has detected a failed build of Zope trunk 2.4 Windows 2000 zc-bbwin6.
Buildbot URL: http://buildbot.zope.org/
Build Reason: changes
Build Source Stamp: 6547
Blamelist: andreasjung
BUILD FAILED: failed compile
sincerely,
-The Buildbot
The Buildbot has detected a failed build of Zope trunk 2.4 Linux zc-buildbot.
Buildbot URL: http://buildbot.zope.org/
Build Reason: changes
Build Source Stamp: 6547
Blamelist: andreasjung
BUILD FAILED: failed test
sincerely,
-The Buildbot
The Buildbot has detected a failed build of Zope trunk 2.4 Windows 2000 zc-bbwin6.
Buildbot URL: http://buildbot.zope.org/
Build Reason: changes
Build Source Stamp: 6545
Blamelist: andreasjung
BUILD FAILED: failed compile
sincerely,
-The Buildbot
The Buildbot has detected a failed build of Zope trunk 2.4 Linux zc-buildbot.
Buildbot URL: http://buildbot.zope.org/
Build Reason: changes
Build Source Stamp: 6545
Blamelist: andreasjung
BUILD FAILED: failed test
sincerely,
-The Buildbot
--On 8 July 2006 07:45:01 -0400 Jim Fulton <[EMAIL PROTECTED]> wrote:
On Jul 8, 2006, at 1:11 AM, Andreas Jung wrote:
--On 7 July 2006 11:03:06 -0400 Jim Fulton <[EMAIL PROTECTED]> wrote:
I think we should do a 2.9.4 release to incorporate the recent hot fix.
This is easy for me to s
The Buildbot has detected a failed build of Zope trunk 2.4 Windows 2000 zc-bbwin6.
Buildbot URL: http://buildbot.zope.org/
Build Reason: changes
Build Source Stamp: 6544
Blamelist: andreasjung,benji,benji_york,jim
BUILD FAILED: failed compile
sincerely,
-The Buildbot
The Buildbot has detected a failed build of Zope trunk 2.4 Linux zc-buildbot.
Buildbot URL: http://buildbot.zope.org/
Build Reason: changes
Build Source Stamp: 6544
Blamelist: andreasjung,benji,benji_york,jim
BUILD FAILED: failed test
sincerely,
-The Buildbot