RE: [Zope-dev] zope and UNIX permissions
Chris McDonough wrote:
The other file (pcgi.soc) is a unix domain socket... it gets created when you run "python w_pcgi" as a Zope install command from the source distribution. I'm not sure of the danger of having this get created 777. It might be worthwhile to look into what could be done to it.
Well, other than zope not responding over pcgi if it isn't 777? I just tried this out of curiosity. No response through pcgi.
Hmmm... thanks for trying it. This doesn't seem much of a risk, does it?
Not that I can see off-hand. It is only a socket, a means for communicating with Zope. The 'risk' would only lie in Zope's Security mechanisms. ;-)

The only possible risk would be a DoS type maneuver if random user could rewrite the pcgi.soc socket. You could control this through var directory permissions, will try this out and report back.

Bill

--
"Linux: the operating system with a CLUE... Command Line User Environment".
seen in a posting on comp.software.testing
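The directory-permission control mentioned in the reply above, as an added example that is not part of the original thread: a mode-bit audit of a Unix domain socket and its containing directory, run against a constructed `pcgi.soc` under three directory modes. The function names and the temporary paths are assumptions, only the "other" permission class is evaluated, and only the immediate parent directory is checked (every ancestor directory must also be searchable for a connect to succeed).

```python
import os
import shutil
import socket
import stat
import tempfile


def audit_socket(path):
    """Report what users outside the owner and group can do, from mode bits alone."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        return ["not-a-socket"]
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    findings = []
    dir_search = bool(parent.st_mode & stat.S_IXOTH)
    dir_write = bool(parent.st_mode & stat.S_IWOTH)
    sticky = bool(parent.st_mode & stat.S_ISVTX)
    # On Linux, connect() needs write on the socket and search on the directory.
    if st.st_mode & stat.S_IWOTH and dir_search:
        findings.append("any-user-can-connect")
    # unlink/rename needs write+search on the directory; the sticky bit
    # limits that to the file's owner (and the directory's owner).
    if dir_write and dir_search and not sticky:
        findings.append("any-user-can-replace-socket")
    return findings


def demo():
    """Constructed scenario: the same 0777 socket under three directory modes."""
    base = tempfile.mkdtemp()
    results = {}
    try:
        for dir_mode in (0o777, 0o1777, 0o750):
            var = os.path.join(base, "var_%o" % dir_mode)
            os.mkdir(var)
            path = os.path.join(var, "pcgi.soc")
            srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
            srv.bind(path)            # creates the socket file
            os.chmod(path, 0o777)     # the mode discussed in the thread
            os.chmod(var, dir_mode)
            results[dir_mode] = audit_socket(path)
            srv.close()
    finally:
        shutil.rmtree(base, ignore_errors=True)
    return results


if __name__ == "__main__":
    for mode, findings in demo().items():
        print("var mode %04o -> %s" % (mode, findings or ["no access for other users"]))
```

With a 0750 directory, the web server's CGI user has to be the directory's owner or in its group to reach the socket at all.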
participants (2): Bill Anderson, Chris McDonough