On Mon, Jul 5, 2010 at 12:57 PM, Shane Hathaway <sh...@hathawaymix.org> wrote: > On 07/02/2010 11:49 AM, Tres Seaver wrote: >> Jim has asserted (but not really explained) that the C extension closes >> some kind of security hole. I don't see any credible attack vector >> myself, but then I no longer believe it worthwhile to devote my own >> energy to defending against malicious TTW programmers. > > FWIW, I imagine the problem is that zope.security treats > zope.i18nmessageid as a rock, so if the implementation is in Python, it > probably allows untrusted code to do this: > > >>> msg.__setattr__.im_func.func_globals['__builtins__']['__import__'] > <built-in function __import__> > > I suggest the bug is in zope.security, which should never allow a type > written in Python to be a rock.
Although I wouldn't go so far as calling this a "bug", I like the idea of deciding whether to treat message ids as rocks depending on whether we're using the C implementation or not. Jim -- Jim Fulton _______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
