Kevin Dangoor wrote:
Does anyone out there already have a pcgi-wrapper that is hardcoded to run directly instead of through a script like Zope.cgi? I want to do this so that I can safely run it setuid. If no one has such a beast, I'll muck about in the C code and see if I can patch it. (I haven't done anything in C since '96... the thought of going back is frightening :)
I'm not sure I understand how this increases security, but if your goal is to hardwire all your Zope settings into a binary, it's not difficult to do. Although maintaining it will be a drag. If you're going to go down this path, you might as well write a Python shell script to automate the process, i.e. have it read in Zope.cgi to create a header file that is then is compiled to your binary (Please call it something other than pcgi-wrapper.) This should all be probably placed in a Makefile, with Zope.cgi as your dependency. With queasy regards, Jeff Bauer Rubicon, Inc.