[Zope3-dev] Fatal Python error: can't initialize module
MultiMapping when access "++apidoc++/Class/menu.html"
shane at hathawaymix.org
shane at hathawaymix.org
Mon Nov 22 14:08:21 EST 2004
On Mon, 22 Nov 2004, Tim Peters wrote:
> [shane at hathawaymix.org]
>> ...
>> Two things should happen:
>>
>> - Zope 3 shouldn't try to import MultiMapping.
>>
>> - Someone should find out if this is a problem for Zope 2.8.
>
> Shouldn't be a problem in 2.8. ExtensionClass code still exists in
> 2.8, but is part of the Zope tree instead of the ZODB tree there.
>
> I don't see any imports of MultiMapping in Zope3 except from
> RestrictedPython/SafeMapping.py, and I don't see any uses of
> SafeMapping.py. That doesn't mean there aren't any, just that I can't
> find any <wink>.
zope.app.apidoc.classmodule imports SafeMapping (and every other module, I
presume) when it displays the class reference. I had to add a
pdb.set_trace in SafeMapping to discover this.
An interesting implication of the live class reference is that every
module in Zope 3 must be safe to import at any time. That might not be so
good for security--if an intruder can manage to install a Python script in
the Zope 3 code tree, the script will be executed with Zope's privileges.
Good thing it's easy to uninstall zope.app.apidoc (I presume.)
Shane
More information about the Zope3-dev
mailing list