You could image a specially crafted "/.zip" or "/home.zip" file which includes a python module which matches an openerp file name, and contain malicious code.
To be sincere, I am not really concerned about the security implications.
Since we run regression tests very often, we try to track down some performance issues which slow down our tests.
I will probably propose a patch to improve the file_open utility a little bit.
I am not a security expert, but it looks like a Directory traversal vulnerability. en.wikipedia. org/wiki/ Directory_ traversal_ attack
http://
You could image a specially crafted "/.zip" or "/home.zip" file which includes a python module which matches an openerp file name, and contain malicious code.
To be sincere, I am not really concerned about the security implications.
Since we run regression tests very often, we try to track down some performance issues which slow down our tests.
I will probably propose a patch to improve the file_open utility a little bit.