Jens Vagelpohl wrote:
>
> On 22 Nov 2005, at 20:08, Dieter Maurer wrote:
>
>> You have lost the thread's start:
>>
>> George's problem has been that he could not move an object
>> in an *EXTERNAL METHOD*, i.e. in trusted filesystem code.
>>
>> He would have the same problem in a filesystem product.
>>
>> The problem is that "CopySupport" performs a local security
>> check (in "_verifyObjectPaste") independent from its caller
>> (it does not matter whether the rename/move/copy was
>> called from trusted or untrusted code).
>>
>> With appropriate proxy roles, an untrusted Python Script can
>> perform some
>> rename/move/copy that trusted code is unable to perform.
>>
>> I assume you can agree that this is a somewhat unsane situation...
>
>
> Yes, that's very odd... thanks for reminding me of the thread's start!

The actual problem here is a confusion of "authorization" with
"containment constraints": the CopySupport code is using a single
check to test both, which makes it impossible to do the Right Thing (TM):
either the proxy roles should be taken into account, in which case the
containment constraint may be violated, or they shouldn't, in which case
a proxy-role-granted script cannot be used to perform a "controlled"
paste which would otherwise not be authorized.

Tres.
--
===================================================================
Tres Seaver          +1 202-558-7113          [EMAIL PROTECTED]
Palladion Software   "Excellence by Design"    http://palladion.com

_______________________________________________
Zope maillist - [email protected]
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )
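
A toy model of the distinction drawn in the message above, added here as an illustration and not taken from Zope or from anyone in the thread. Every class and function name is hypothetical, and it assumes that trusted filesystem code should skip the authorization check while the containment constraint applies to every caller.

```python
# Toy model of the design point; all names are hypothetical, none are Zope APIs.
from dataclasses import dataclass

class Unauthorized(Exception): ...
class ContainmentError(Exception): ...

@dataclass(frozen=True)
class Caller:
    roles: frozenset
    trusted: bool = False                 # filesystem code, e.g. an External Method
    proxy_roles: frozenset = frozenset()  # roles lent to an untrusted script

    def effective_roles(self):
        return self.proxy_roles or self.roles

@dataclass(frozen=True)
class Folder:
    allowed_types: frozenset  # containment constraint
    add_roles: frozenset      # roles holding the "add" permission here

def conflated_paste(folder, caller, obj_type):
    """Single local check: ignores caller.trusted, honors proxy roles."""
    if obj_type not in folder.allowed_types or not (caller.effective_roles() & folder.add_roles):
        raise Unauthorized(obj_type)

def separated_paste(folder, caller, obj_type):
    """Containment always applies; authorization depends on the caller."""
    if obj_type not in folder.allowed_types:
        raise ContainmentError(obj_type)
    if not caller.trusted and not (caller.effective_roles() & folder.add_roles):
        raise Unauthorized(obj_type)

def outcome(paste, folder, caller, obj_type):
    try:
        paste(folder, caller, obj_type)
        return "ok"
    except (Unauthorized, ContainmentError) as exc:
        return type(exc).__name__

# Constructed sample data.
FOLDER = Folder(frozenset({"Document"}), frozenset({"Manager"}))
EXTERNAL_METHOD = Caller(frozenset({"Anonymous"}), trusted=True)
PROXIED_SCRIPT = Caller(frozenset({"Anonymous"}), proxy_roles=frozenset({"Manager"}))

if __name__ == "__main__":
    for paste in (conflated_paste, separated_paste):
        for who in (EXTERNAL_METHOD, PROXIED_SCRIPT):
            for kind in ("Document", "Image"):
                print(paste.__name__, who.trusted, kind, outcome(paste, FOLDER, who, kind))
```

With the single check the trusted caller is refused while the proxied script succeeds; with the two checks split, both succeed for an allowed type and both hit the containment error for a disallowed one.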
