[Zope-Perl] security
Chris McDonough
chrism@digicool.com
Wed, 24 Jan 2001 15:52:14 -0500
I've just also come to realize that perlrefs aren't acquisition-wrapped when
they are returned from __call__... We could solve the security problem (I
believe) by doing the moral equivalent of changing the line in __call__:
return apply(perl.safecall, (root, mask, args))
to...
return apply(perl.safecall, (root, mask, args)).__of__(self)
The heart of the problem as it stands is that I believe because the instance
that is returned (when it's a perlref) has no acqusition context, it has no
"container" as far as the security machinery goes. This makes it impossible
for the security machinery to figure out what __roles__ it has (if the
instance doesn't have one, it checks its container by figuring it out via
acqusition, and perlrefs don't have any acqusition context).
I was incorrect in my explanation of what the security machinery did
before.. the way it works is that the instance is checked for __roles__. If
__roles__ can't be found on the instance, it checks the instance's
acqusition "container" (instance.aq_inner.aq_parent). If it has no
container or if the container doesn't have roles, it gives up.
Basically, I think if the result of perl.safecall is a Python InstanceType
of any kind, we need to acqusition-wrap the instance. Now I just need to
figure out how to do that. :-)