Jens Vagelpohl wrote:
> On 22 Nov 2005, at 20:08, Dieter Maurer wrote:
>> You have lost the thread's start:
>> George's problem has been that he could not move an object
>> in an *EXTERNAL METHOD*, i.e. in trusted filesystem code.
>> He would have the same problem in a filesystem product.
>> The problem is that "CopySupport" performs a local security
>> check (in "_verifyObjectPaste") independent from its caller
>> (it does not matter whether the rename/move/copy was
>> called from trusted or untrusted code).
>> With appropriate proxy roles, an untrusted Python Script can
>> perform some rename/move/copy that trusted code is unable to perform.
>> I assume you can agree that this is a somewhat unsane situation...
> Yes, that's very odd... thanks for reminding me of the thread's start!

The actual problem here is a confusion of "authorization" with
"containment constraints": the CopySupport code is using a single check
to test both, which makes it impossible to do the Right Thing (TM):
either the proxy roles should be taken into account, in which case the
containment constraint may be violated, or they shouldn't, in which case
a proxy-role-granted script cannot be used to perform a "controlled"
paste which would otherwise not be authorized.

Tres Seaver +1 202-558-7113 [EMAIL PROTECTED]
Palladion Software "Excellence by Design" http://palladion.com
Zope maillist - Zope@zope.org
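
A simplified model of the distinction drawn in the message above, added here as an illustration; it is not Zope's CopySupport code, and every class and function name in it is hypothetical. It shows a single conflated check refusing trusted code while admitting a proxy-role script, and one possible way of splitting the check so that the containment constraint holds for every caller.

```python
from dataclasses import dataclass

# Toy model only: names are hypothetical, not Zope APIs.

@dataclass(frozen=True)
class Container:
    allowed_types: frozenset   # containment constraint: what may live here
    add_roles: frozenset       # authorization: roles granted the add permission

@dataclass(frozen=True)
class Caller:
    user_roles: frozenset
    proxy_roles: frozenset = frozenset()   # set on an untrusted script
    trusted: bool = False                  # filesystem code (External Method, product)

    def effective_roles(self):
        # Assumption of this model: proxy roles replace the user's roles.
        return self.proxy_roles or self.user_roles

def conflated_verify(container, meta_type, caller):
    """One check answers both questions and ignores who is calling."""
    return (meta_type in container.allowed_types
            and bool(caller.effective_roles() & container.add_roles))

def verify_containment(container, meta_type):
    """Structural rule: enforced for every caller, trusted or not."""
    return meta_type in container.allowed_types

def verify_authorization(container, caller):
    """Policy rule: trusted code is exempt, untrusted code needs a role."""
    return caller.trusted or bool(caller.effective_roles() & container.add_roles)

def separated_verify(container, meta_type, caller):
    return (verify_containment(container, meta_type)
            and verify_authorization(container, caller))

# Constructed sample data.
FOLDER = Container(frozenset({"Document"}), frozenset({"Manager"}))
ANON = frozenset({"Anonymous"})
EXTERNAL_METHOD = Caller(ANON, trusted=True)
PROXY_SCRIPT = Caller(ANON, proxy_roles=frozenset({"Manager"}))
PLAIN_SCRIPT = Caller(ANON)

if __name__ == "__main__":
    for name, c in [("external method", EXTERNAL_METHOD),
                    ("proxy-role script", PROXY_SCRIPT),
                    ("plain script", PLAIN_SCRIPT)]:
        print(name, conflated_verify(FOLDER, "Document", c),
              separated_verify(FOLDER, "Document", c),
              separated_verify(FOLDER, "Image", c))
```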