Comment 2 for bug 928376

Florent (florent.x) wrote : Re: file_open is not safe

I am not a security expert, but it looks like a Directory traversal vulnerability.
http://en.wikipedia.org/wiki/Directory_traversal_attack

You could imagine a specially crafted "/.zip" or "/home.zip" file which includes a Python module which matches an openerp file name, and contains malicious code.

To be sincere, I am not really concerned about the security implications.
Since we run regression tests very often, we try to track down some performance issues which slow down our tests.

I will probably propose a patch to improve the file_open utility a little bit.