Hash: SHA1

Jim Fulton wrote:

>> So forking docutils inside Zope is *not* evil, even when considering
>> packaged versions, as long as the packagers know about the fork, right?
> The unforked docutils provides the necessary safety when used correctly.
> It is our careless use of the feature that was the cause of the problem.

As Florent pointed out, long experience with text processing systems on
Unix (Tex, postscript, etc.) says that enabling file inclusion by
default is a security hole.  Leaving it enabled by default makes
docutils at least partly to blame for such holes (under a doctricne of
"attractive nuisance").  If, OTOH,  the downstream programmer had to
explicitly enable the risky behavior, then any breach would be *that
programmer's* fault.

Relevant history:

 - SVN says that the knobs to disable the dangerous features, along with
   the docs for the why teh features are dangerous, were added fifteen
   months ago:


 - Those knobs were made available in the 0.3.9 release of docutils
   (per the HISTORY.txt file).

 - Andreas upgraded Zope to that release last October, just before
   initial hotfix (from the timing, on 2005/10/09, it looks as though
   the hotfix have been the motivation for the upgrade).

 - Because of the way we ship docutils (there was a lot of wrangle about
   this, as well, with Andreas moving stuff around to suit the course
   of the wrangle) we don't even ship the documents which label those
   directives as 'dangeroous' (they are off in the 'test' subtree).

- --
Tres Seaver          +1 202-558-7113          [EMAIL PROTECTED]
Palladion Software   "Excellence by Design"    http://palladion.com
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

Zope3-dev mailing list
Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com

Reply via email to