Zope 2

PythonScripts: raise SystemExit will shut down complete Zope instance

Bug #257269 reported by Andreas Jung on 2008-08-12

4

Affects		Status	Importance	Assigned to	Milestone
	Zope 2	Fix Released	Critical	Unassigned

Bug Description

Reported by MA Lemburg on the <email address hidden> list:

raise SystemExit

within a PythonScript will shut down the complete Zope instance immediately.

Affects: likely all Zope versions where the ZMI/PythonScript functionality
is exposed to "untrusted" users

Possible workaround as patch attached.

Revision history for this message

Andreas Jung (ajung) wrote on 2008-08-12:

#1

pythonscript_raise_systemexit.patch Edit (646 bytes, text/x-diff)

Patch

Revision history for this message

Philipp von Weitershausen (philikon) wrote on 2008-08-12:

#2

Thanks for the patch. I'm wondering whether this fix should rather be part of the RestrictedPython environment.

Revision history for this message

Andreas Jung (ajung) wrote on 2008-08-12:

#3

Perhaps RestrictedPython might be better (I've never touched that area in Zope)

Changed in zope2:
importance:	Undecided → Critical
status:	New → Confirmed

Revision history for this message

Andreas Jung (ajung) wrote on 2008-08-12:

#4

Committed patch/test on the trunk

http://svn.zope.org/Zope/trunk/?rev=89723&view=rev

I think this can be backported to all other branches as well

Revision history for this message

Andreas Jung (ajung) wrote on 2008-08-13:

#5

A hotfix is available

http://www.zope.org/Products/Zope/Hotfix-2008-08-12/

Changed in zope2:
status:	Confirmed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

pythonscript_raise_systemexit.patch Edit

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.