Guido van Rossum wrote:
Without python 2.2 zope will continue to harbor remotely exploitable zlib-based memory exhaustion attacks. FWIW
Can you explain? Where does Zope even use zlib?
dtml-tree for one, more recent versions of ztutils' tree code as well, although it's mitigated to an extent by some hardcoded length limits; those are the only two I know of off the top of my head. rlimits will ensure the zope process doesn't hork the rest of the host, but even better is using the improved decompression objects available in python 2.2 which allow for low memory usage decompression.

--
Jamie Heilman http://audible.transient.net/~jamie/
"I was in love once -- a Sinclair ZX-81. People said, "No, Holly, she's not for you." She was cheap, she was stupid and she wouldn't load -- well, not for me, anyway." -Holly
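
The bounded decompression the reply above refers to, as an added example that is not part of the original thread and is not Zope's code: it uses the `max_length` argument and `unconsumed_tail` attribute of `zlib.decompressobj()` as they exist in current Python 3. The function name, the exception class and the 1 MiB default cap are assumptions chosen for illustration.

```python
import zlib


class DecompressionLimitExceeded(Exception):
    """Raised when inflating would produce more than the allowed output."""


def bounded_decompress(data, max_output=1 << 20, chunk=64 * 1024):
    """Inflate zlib data, never holding more than max_output + 1 bytes.

    Hypothetical helper: max_output and chunk are illustrative defaults.
    """
    d = zlib.decompressobj()
    out, total, buf = [], 0, data
    while not d.eof:
        # max_length bounds the bytes returned by this call. A value of 0
        # would mean "unlimited", so ask for one byte past the cap at most;
        # that extra byte is how an over-limit stream is detected.
        limit = min(chunk, max_output - total + 1)
        piece = d.decompress(buf, limit)
        if not piece and not d.unconsumed_tail:
            # No output and no input left before end of stream.
            raise ValueError("truncated or incomplete zlib stream")
        total += len(piece)
        if total > max_output:
            raise DecompressionLimitExceeded(
                "output exceeds %d bytes" % max_output)
        out.append(piece)
        # Input not consumed because of max_length is fed back next round.
        buf = d.unconsumed_tail
    return b"".join(out)


if __name__ == "__main__":
    # Constructed sample: 8 MiB of zeros compresses to a few KiB.
    bomb = zlib.compress(b"\0" * (8 << 20))
    print("compressed size:", len(bomb))
    try:
        bounded_decompress(bomb)
    except DecompressionLimitExceeded as exc:
        print("rejected:", exc)
    print(bounded_decompress(zlib.compress(b"tree state " * 10)))
```

A plain `zlib.decompress(bomb)` on the same input allocates the full 8 MiB before the caller can inspect anything, which is the behaviour the hardcoded length limits and rlimits mentioned in the reply only partly contain.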