Just a quick note on this point, there are two points during startup when a product can get control: 1) When the __init__.py is imported 2) When the initialize function within that __init__.py is called.
These seem to occur quite far apart in terms of loaded modules so to get something done early, do it at import time. If you want a look at another "monkeypatch" type product, take a look at PatchKit http://www.zope.org/Members/haqa/PatchKit . Hope this helps Adrian... -- The difficulty of tactical maneuvering consists in turning the devious into the direct, and misfortune into gain. - Sun Tzu ----- Original Message ----- From: "Chris McDonough" <[EMAIL PROTECTED]> To: "Godefroid Chapelle" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Thursday, January 17, 2002 1:50 PM Subject: Re: [Zope-dev] Re: [Zope] Security Assertions > > I do not know what you mean by a 'monkeypatch' but it is certainly worth > > it to add the patch to 2.3.x and 2.4.x branches. > > Thanks very much for the patch! We don't maintain 2.3.X anymore (at > least not that I know of, although somebody probably should). And the > 2.4 branch is a little up in the air at the moment. There will be a > 2.4.4 to fix crashing issues but I don't know what the policy will be > for introducing noncrash bugfixes. 2.5 already has the fix. > > So... this is why I suggested a monkeypatch. What I meant by > "monkeypatch" is ... well, now you made me say it... "hotfix". There, I > said it. In other words, a Product that you can download and install > that dynamically changes the running code without actually requiring > that folks running 2.3.X/2.4.X patch their source code. > > Note that this is *not* a vulnerability in case anybody gets nervous. > It is a bug that has to do with Zope security, but it is not a > vulnerability. (That's why I didn't want to use the term "hotfix") > > You can make a monkey patch by creating code modeled after ZC hotfixes > that does some specific set of steps. In this case, you'd probably want > to replace the ModuleSecurityInfo class/function with your "fixed" > function dynamically. Of course, in this case you'd need a way to > arrange that it was among the first Products registered (in order for > the other Products to make use of the patched function). I think > Products are initialized alphabetically, but may be wrong. ;-( > > -- > Chris McDonough Zope Corporation > http://www.zope.org http://www.zope.com > "Killing hundreds of birds with thousands of stones" > > > _______________________________________________ > Zope-Dev maillist - [EMAIL PROTECTED] > http://lists.zope.org/mailman/listinfo/zope-dev > ** No cross posts or HTML encoding! ** > (Related lists - > http://lists.zope.org/mailman/listinfo/zope-announce > http://lists.zope.org/mailman/listinfo/zope ) > _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )