On Jul 8, 2006, at 10:09 AM, Andreas Jung wrote:
--On 8. Juli 2006 09:53:47 -0400 Jim Fulton <[EMAIL PROTECTED]> wrote:
Tres came up with this sledge hammer because he has no confidence
in people's willingness to test and implement this feature
I am fine with the sledge-hammer. I've never claimed that we need
to support file insertion and raw support in any way. We don't
need it; we can kick it.
But removing or disabling a feature because we are possibly
incompetent would be just ridiculous.
I can live with the sledge hammer for Zope 2. All I ask for is
If there are tests for each way of invoking reST through the web that
verify that file-inclusion isn't enabled, then it's all right if
the sledge hammer is used to make the tests pass. I won't
untested feature with so much security risk.
Yes, someone has to write the tests at some time, soon.
Right. Before 2.10.
As I pointed out, the risk is minimal for Zope apps because you need
to have access to the ZMI.
No, it's not. Getting at arbitrary files is not acceptable from the
So what are the security concerns in this case? And file inclusion
won't work if the related code is stripped off... so what are your
security concerns in this case?
I am concerned by the lack of tests. Whoever created the last hot
fix was sure the problem was fixed. They were wrong and we're paying
I'll also note that the sledgehammer might not itself be safe in the
presence of the various reload products for Zope 3. Would Tres'
be defeated by reloading docutils.parsers.rst.directives.misc?
a chance that a reload product
could reload this module and undo the fix? I dunno. It is
You seem to be the only one championing TTW reST?
I only champion against the crude removal of features and against
and a shortsighted perception.
That doesn't deserve an answer.
Are you unwilling to
write the tests necessary to keep it?
This is really not the point. As release manager I am allowed to
speak up. But that does not imply I have to fix all and everything.
Yes, it really is the point. We've had a serious security failure due
to a lack of adequate testing. This is not acceptable.
Jim Fulton mailto:[EMAIL PROTECTED] Python
CTO (540) 361-1714
Zope Corporation http://www.zope.com http://www.zope.org
Zope-Dev maillist - Zope-Dev@zope.org
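Added example, not code from this thread, from Zope, or from the fix under discussion: a regression check of the kind the thread asks for, run against docutils directly (Zope's own through-the-web reST entry points are not modelled). It writes a temporary file holding a constructed marker, submits the two directive forms that can read local files ("include", and "raw" with ":file:"), and renders each once with docutils' default settings and once with the real docutils settings file_insertion_enabled and raw_enabled switched off. The helper names (render_rest, check_file_inclusion, HARDENED_SETTINGS) and the marker are this example's own; whether the Zope fix used these settings or stripped the directives out is not stated here.

```python
"""Regression check for reST file inclusion via docutils.

Added example for this thread; it is not Zope's code nor the fix under
discussion. Helper names here (render_rest, check_file_inclusion,
HARDENED_SETTINGS) are this example's own; file_insertion_enabled and
raw_enabled are real docutils settings.
"""
import os
import tempfile

from docutils.core import publish_parts

# Switch off the two directives that can read local files: "include",
# and "raw" when given :file: (or :url:). Passed on every render call,
# so the protection does not live in patched module state.
HARDENED_SETTINGS = {
    "file_insertion_enabled": False,
    "raw_enabled": False,
    "_disable_config": True,  # ignore any docutils.conf on the host
}

# docutils defaults: both directives enabled.
DEFAULT_SETTINGS = {"_disable_config": True}


def render_rest(source, settings_overrides):
    """Render a reST string to an HTML body fragment with the given settings."""
    parts = publish_parts(
        source=source,
        writer_name="html",
        settings_overrides=dict(settings_overrides),
    )
    return parts["body"]


def write_secret_file(marker):
    """Create a temporary file standing in for a sensitive host file (constructed)."""
    fd, path = tempfile.mkstemp(prefix="rest-include-", suffix=".txt")
    with os.fdopen(fd, "w") as fh:
        fh.write(marker + "\n")
    return path


def attack_payloads(path):
    """reST a user could submit through the web to pull ``path`` into the page."""
    return {
        "include": ".. include:: %s\n" % path,
        "raw-file": ".. raw:: html\n   :file: %s\n" % path,
    }


def check_file_inclusion(settings_overrides):
    """Map each payload name to True if the file's contents leaked into the output."""
    marker = "CONSTRUCTED-SECRET-5f2b"
    path = write_secret_file(marker)
    try:
        return {
            name: marker in render_rest(payload, settings_overrides)
            for name, payload in attack_payloads(path).items()
        }
    finally:
        os.unlink(path)


if __name__ == "__main__":
    # Defaults leak on both payloads; hardened settings leak on neither.
    print("defaults:", check_file_inclusion(DEFAULT_SETTINGS))
    print("hardened:", check_file_inclusion(HARDENED_SETTINGS))
```

Because the hardening travels as settings on every render call rather than living in a patched module, reloading docutils.parsers.rst.directives.misc would not restore the directives; what this check cannot show is that every web-facing entry point actually passes those settings, which is why a test per invocation path, as demanded above, is still needed. With the directives disabled, docutils replaces each one with a warning system message reading "directive disabled" instead of the file contents.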