On Jul 10, 2006, at 3:16 AM, Tres Seaver wrote:
...
As Florent pointed out, long experience with text processing
systems on
Unix (Tex, postscript, etc.) says that enabling file inclusion by
default is a security hole. Leaving it enabled by default makes
docutils at least partly to blame for such holes (under a doctricne of
"attractive nuisance"). If, OTOH, the downstream programmer had to
explicitly enable the risky behavior, then any breach would be *that
programmer's* fault.
I agree that, for the use case of TTW text entry, it would be better
if file-inclusion was disabled by default, however, docutils wasn't
designed for TTW text entry. You could try to lobby for a change,
although I don't think you'd have much luck.
Perhaps we could lobby for an API to change the default. Then Zope
could change the default though a supported API. I think there is
some chance for getting such an API included.
As far as programmer fault, it is the programmers fault to use a 3rd-
party library without knowing it's security implications. The
docutils security hole in Zope is *our* fault, not docutils. There
isn't a security hole in docutils when used as intended. It was our
faulure to expose TTW reST without reviewing all of the features to
find out if they were problematic. It was our fault, once we found
out that there was a problem to not test our fix adequately.
Jim
--
Jim Fulton mailto:[EMAIL PROTECTED] Python
Powered!
CTO (540) 361-1714
http://www.python.org
Zope Corporation http://www.zope.com http://www.zope.org
_______________________________________________
Zope3-dev mailing list
Zope3-dev@zope.org
Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com
