Hi,
does this have any security implications?
On Wed, Aug 22, 2012 at 3:00 PM, Yusei TAHARA yu...@domen.cx wrote:
I found a bug in ZopeSecurityPolicy and fixed it.
http://svn.zope.org/AccessControl/trunk/src/AccessControl/ZopeSecurityPolicy.py?rev=127548r1=113657r2=127548
Is it possible to
On Thu, Aug 23, 2012 at 5:23 PM, li...@nidelven-it.no wrote:
does this have any security implications?
In short: No.
Long answer: Not unless you have very custom code similar to what's in
the provided test (providing a custom rolesForPermissionOn callable on
a class). And that code would have
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 08/23/2012 11:23 AM, li...@nidelven-it.no wrote:
does this have any security implications?
The bug doesn't provide any obvious attack vector. Applications which
used the doubly-unusual feature ('__roles__' being a class instance,
rather than a
Hello,
I found a bug in ZopeSecurityPolicy and fixed it.
http://svn.zope.org/AccessControl/trunk/src/AccessControl/ZopeSecurityPolicy.py?rev=127548r1=113657r2=127548
Is it possible to release new version?
Regards,
--
Yusei TAHARA yu...@domen.cx
___
On 22 August 2012 18:30, Yusei TAHARA yu...@domen.cx wrote:
Hello,
I found a bug in ZopeSecurityPolicy and fixed it.
http://svn.zope.org/AccessControl/trunk/src/AccessControl/ZopeSecurityPolicy.py?rev=127548r1=113657r2=127548
Is it possible to release new version?
Are we sure this
On Wed, Aug 22, 2012 at 3:00 PM, Yusei TAHARA yu...@domen.cx wrote:
I found a bug in ZopeSecurityPolicy and fixed it.
http://svn.zope.org/AccessControl/trunk/src/AccessControl/ZopeSecurityPolicy.py?rev=127548r1=113657r2=127548
Is it possible to release new version?
I can do that. But is