[Zope3-dev] Re: Through-the-web reStructuredText
Jim Fulton
jim at zope.com
Mon Jul 10 04:01:44 EDT 2006
On Jul 10, 2006, at 3:16 AM, Tres Seaver wrote:
...
> As Florent pointed out, long experience with text processing
> systems on
> Unix (Tex, postscript, etc.) says that enabling file inclusion by
> default is a security hole. Leaving it enabled by default makes
> docutils at least partly to blame for such holes (under a doctricne of
> "attractive nuisance"). If, OTOH, the downstream programmer had to
> explicitly enable the risky behavior, then any breach would be *that
> programmer's* fault.
I agree that, for the use case of TTW text entry, it would be better
if file-inclusion was disabled by default, however, docutils wasn't
designed for TTW text entry. You could try to lobby for a change,
although I don't think you'd have much luck.
Perhaps we could lobby for an API to change the default. Then Zope
could change the default though a supported API. I think there is
some chance for getting such an API included.
As far as programmer fault, it is the programmers fault to use a 3rd-
party library without knowing it's security implications. The
docutils security hole in Zope is *our* fault, not docutils. There
isn't a security hole in docutils when used as intended. It was our
faulure to expose TTW reST without reviewing all of the features to
find out if they were problematic. It was our fault, once we found
out that there was a problem to not test our fix adequately.
Jim
--
Jim Fulton mailto:jim at zope.com Python Powered!
CTO (540) 361-1714 http://www.python.org
Zope Corporation http://www.zope.com http://www.zope.org
More information about the Zope3-dev
mailing list