[Zope-Perl] security

Gisle Aas gisle@ActiveState.com
24 Jan 2001 14:08:50 -0800


"Chris McDonough" <chrism@digicool.com> writes:

> Thanks for the clarification...  As a result, I was able to make this work
> by changing AccessControl.SimpleObjectPolicies.. e.g.:
> 
> __doc__='''Collect rules for access to objects that don\'t have roles.
> 
> $Id: SimpleObjectPolicies.py,v 1.6 2001/01/10 20:21:03 chrism Exp $'''
> __version__='$Revision: 1.6 $'[11:-2]
> 
> _noroles=[] # this is imported from various places
> 
> import Record
> try:
>     import perl
>     perlhash = perl.get_ref("%")
>     perlarry = perl.get_ref("@")
> except ImportError:
>     # no pyperl available: fall back to plain Python containers
>     perlhash = {}
>     perlarry = []
> # Allow access to unprotected attributes
> Record.Record.__allow_access_to_unprotected_subobjects__=1
> 
> ContainerAssertions={
>     type(()): 1,
>     type([]): 1,
>     type({}): 1,
>     type(perlhash): 1,
>     type(perlarry): 1
>     }
> 
> ... although I don't think we want to solve it this way (unless we do :-).

:-)

Since type(perlhash) == type(perlarry) you don't really need both.  It
also means that this enables the Container-behaviour for all other
'perl ref' objects, like code references.

> I think it would serve the same purpose for perlref instances to always have
> a __roles__ class attribute set to None and an
> __allow_access_to_unprotected_subobjects__ class attr set to 1 (although I
> don't know if this offends your sensibility :-)

It kind of breaks the separation between the 'pyperl' stuff that does
not contain any Zope specific hacks and 'zoperl' with all the hacks.
I guess we could still try to add a generic mechanism to 'pyperl' to
make it possible to set up attributes like this for 'perl ref'
objects.

But, returning perl reference data to python also has thread issues.
If you for instance store the hash reference somewhere and then pick
it up in another thread you will discover that it will generate
exceptions if you try to do stuff with it.  If you pass it into perl
then this will actually be a different perl interpreter (we have
separate perl interpreters per thread) and it will just see this as a
python object.  The only thing it can sensibly do with it is pass it
back to python.  In short, perl data belongs to one and only one
thread.

For this reason I would not encourage that we actually return perl
data in Zope.  I might even go as far as adding code to
PerlMethod.__call__ that simply stringifies 'perl ref' objects returned
from PerlMethods.  This was actually what used to happen before
'pyperl-beta5'.

Regards,
Gisle
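The two points made above, as an added example that is not part of the thread and not pyperl or zoperl code: a type-keyed ContainerAssertions entry cannot tell a hash ref from a code ref, because every 'perl ref' is one Python type, and perl data used from a thread other than the one that created it fails. The PerlRef class below is a constructed stand-in for pyperl's ref objects (so the example runs without a Perl interpreter), and the names stringify_perl_refs, call_perl_method, types_over_grant and cross_thread_use are mine, not pyperl's; the stringification mirrors what the reply says PerlMethod.__call__ did before pyperl-beta5.

```python
import threading


class PerlRef:
    """Constructed stand-in for a pyperl 'perl ref'.

    Real pyperl refs are one Python type whatever Perl data they point
    at, so every instance here is the same class; `sigil` only records
    the kind of data ('%' hash, '@' array, '&' code, '$' scalar).  As
    with real pyperl data, the ref is usable only in its owning thread.
    """

    _NAMES = {"%": "HASH", "@": "ARRAY", "&": "CODE", "$": "SCALAR"}

    def __init__(self, sigil, value=None):
        self.sigil = sigil
        self._value = value
        self._owner = threading.get_ident()

    def deref(self):
        # Mimic the exceptions pyperl raises when a ref crosses threads.
        if threading.get_ident() != self._owner:
            raise RuntimeError("perl ref used outside its owning thread")
        return self._value

    def __str__(self):
        # Perl-style stringification of a reference, e.g. HASH(0x...)
        return "%s(0x%x)" % (self._NAMES[self.sigil], id(self))


# 1. Type-keyed assertions in the style of the quoted SimpleObjectPolicies
#    patch: the 'perl ref' entry is keyed on the single shared type.
perlhash = PerlRef("%", {})
ContainerAssertions = {tuple: 1, list: 1, dict: 1, type(perlhash): 1}


def container_allowed(obj):
    """Same lookup Zope's policy does: is this type a plain container?"""
    return bool(ContainerAssertions.get(type(obj), 0))


def types_over_grant():
    """Returns (hash ref allowed, code ref allowed).  Both are True:
    type(hash_ref) == type(code_ref), so granting by type admits code
    references as well."""
    hash_ref = PerlRef("%", {"k": "v"})
    code_ref = PerlRef("&", lambda: "side effect")
    return container_allowed(hash_ref), container_allowed(code_ref)


# 2. Stringify refs at the PerlMethod boundary so no perl data escapes.
def stringify_perl_refs(result):
    """Recursively replace every PerlRef in a result with its string form."""
    if isinstance(result, PerlRef):
        return str(result)
    if isinstance(result, (list, tuple)):
        return type(result)(stringify_perl_refs(x) for x in result)
    if isinstance(result, dict):
        return {k: stringify_perl_refs(v) for k, v in result.items()}
    return result


def call_perl_method(fn, *args):
    """Stand-in for a PerlMethod.__call__ with the pre-beta5 behaviour:
    whatever the Perl side returns, refs come back to Zope as strings."""
    return stringify_perl_refs(fn(*args))


# 3. Perl data belongs to one thread: using it elsewhere raises.
def cross_thread_use():
    """Returns (value seen in the owning thread, errors from another thread)."""
    ref = PerlRef("%", {"a": 1})
    errors = []

    def worker():
        try:
            ref.deref()
        except RuntimeError as exc:
            errors.append(str(exc))

    t = threading.Thread(target=worker)
    t.start()
    t.join()
    return ref.deref(), errors


if __name__ == "__main__":
    print(types_over_grant())
    print(call_perl_method(lambda: [PerlRef("%", {}), "x", 3]))
    print(cross_thread_use())
```

The stringification keeps the boundary rule simple: a PerlMethod result may still be a list or dict, but anything that was a Perl reference arrives in Zope as an opaque string, so neither the type-keyed assertion nor the threading problem applies to it.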