RE: [Zope-dev] zope and UNIX permissions
Chris McDonough wrote:
Hmmm... thanks for trying it. This doesn't seem much of a risk, does it?
Not that I can see off-hand. It is only a socket, a means for communicating with Zope. The 'risk' would only lie in Zope's Security mechanisms. ;-)
The only possible risk would be a DoS type maneuver if a random user could rewrite the pcgi.soc socket. You could control this through var directory permissions, will try this out and report back.
You're the coolest! Thanks..
OK, it appears that Zope can handle it if: the var directory (for Zope) is rwx for user and group AND pcgi.soc is 777. This makes sense, of course. I was primarily making sure that Zope didn't try to access it as a non-user (as some apps do).

So, in conclusion, the paranoid can make certain the directory containing pcgi.soc is only writeable/executable to user/group owned by the Zope process (and by the WebServer!!) with little fear of others on the system accessing it willy-nilly.

YMMV, offer void in some states, yadda yadda yadda.

Bill
--
"Linux: the operating system with a CLUE... Command Line User Environment".
seen in a posting on comp.software.testing
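The setup described in this message can be checked with a short audit script. This is an added example, not part of the original thread or of Zope; the function names and the temporary `var` directory are assumptions made for illustration.

```python
import os
import socket
import stat
import tempfile


def audit_socket_dir(sock_path):
    """Return a list of findings for the directory that holds sock_path."""
    findings = []
    parent = os.path.dirname(os.path.abspath(sock_path))
    dir_mode = stat.S_IMODE(os.stat(parent).st_mode)
    # Search (x) on the directory is needed to reach the socket at all, so a
    # 777 socket inside a directory closed to "other" is still unreachable.
    if dir_mode & stat.S_IXOTH:
        findings.append("others can traverse %s (mode %o)" % (parent, dir_mode))
    # Write (w) without the sticky bit lets any user unlink or replace the
    # socket file, which is the DoS case raised in the thread.
    if dir_mode & stat.S_IWOTH and not dir_mode & stat.S_ISVTX:
        findings.append("others can replace entries in %s (mode %o)" % (parent, dir_mode))
    if not stat.S_ISSOCK(os.lstat(sock_path).st_mode):
        findings.append("%s is not a socket" % sock_path)
    return findings


def demo():
    """Audit a constructed var/ directory holding a 777 socket, loose then tight."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        var_dir = os.path.join(base, "var")  # constructed stand-in for Zope's var
        os.mkdir(var_dir)
        sock_path = os.path.join(var_dir, "pcgi.soc")
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(sock_path)
        os.chmod(sock_path, 0o777)           # socket mode from the thread
        try:
            os.chmod(var_dir, 0o777)         # directory open to everyone
            results["loose"] = audit_socket_dir(sock_path)
            os.chmod(var_dir, 0o770)         # rwx for user and group only
            results["tight"] = audit_socket_dir(sock_path)
        finally:
            srv.close()
    return results


if __name__ == "__main__":
    for label, findings in demo().items():
        print(label, findings or "ok")
```

In a real deployment the web server account has to be in the group that owns the directory, as the message notes.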
participants (2): Bill Anderson, Chris McDonough