On Mon, Jul 5, 2010 at 12:57 PM, Shane Hathaway <sh...@hathawaymix.org> wrote:
> On 07/02/2010 11:49 AM, Tres Seaver wrote:
>> Jim has asserted (but not really explained) that the C extension closes
>> some kind of security hole.  I don't see any credible attack vector
>> myself, but then I no longer believe it worthwhile to devote my own
>> energy to defending against malicious TTW programmers.
> FWIW, I imagine the problem is that zope.security treats
> zope.i18nmessageid as a rock, so if the implementation is in Python, it
> probably allows untrusted code to do this:
>  >>> msg.__setattr__.im_func.func_globals['__builtins__']['__import__']
> <built-in function __import__>
> I suggest the bug is in zope.security, which should never allow a type
> written in Python to be a rock.

Although I wouldn't go so far as calling this a "bug", I like the idea
of deciding whether to treat message ids as rocks depending on whether
we're using the C implementation or not.


Jim Fulton
Zope-Dev maillist  -  Zope-Dev@zope.org
**  No cross posts or HTML encoding!  **
(Related lists - 
 https://mail.zope.org/mailman/listinfo/zope )

Reply via email to