-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jens Vagelpohl wrote:
> 
> On 22 Nov 2005, at 20:08, Dieter Maurer wrote:
> 
>> You have lost the thread's start:
>>
>>   George's problem has been that he could not move an object
>>   in an *EXTERNAL METHOD*, i.e. in trusted filesystem code.
>>
>>   He would have the same problem in a filesystem product.
>>
>>   The problem is that "CopySupport" performs a local security
>>   check (in "_verifyObjectPaste") independent from its caller
>>   (it does not matter whether the rename/move/copy was
>>   called from trusted or untrusted code).
>>
>>   With appropriate proxy roles, an untrusted Python Script can 
>> perform some
>>   rename/move/copy that trusted code is unable to perform.
>>
>> I assume you can agree that this is a somewhat unsane situation...
> 
> 
> Yes, that's very odd...  thanks for reminding me of the thread's start!

The actual problem here is a confusion of "authorization" with
"containment constraints":  the CopySupport code is using a single check
to test both, which makes it impossible to do the Right Thing (TM):
either the proxy roles should be taken into account, in which case the
containment constraint may be violated, or they shouldn't, in which case
a proxy-role-granted script cannot be used to perform a "controlled"
paste which would otherwise not be authorized.


Tres.
- --
===================================================================
Tres Seaver          +1 202-558-7113          [EMAIL PROTECTED]
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDg5LI+gerLs4ltQ4RAtblAJwNsXuSMgrSmuk5Jkx2dNvq5XcF+ACfVfli
kWb4OErhWp0Zm95oGrNK+6o=
=Thwe
-----END PGP SIGNATURE-----

_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to