Re: [Zope] Hooks for methods other than GET/POST on port 80?
(please keep the list CC'ed in) Roman Susi wrote:
What do you mean by freezes? how did you cause this to happen?
Surely, this is not only a bug but a security issue leading to DOS attack, IMHO.
Well, it's a pretty weird use case from what I can see...
Traceback (most recent call last): File "/usr/local/lib/python2.3/logging/__init__.py", line 674, in emit msg = self.format(record) File "/usr/local/lib/python2.3/logging/__init__.py", line 567, in format return fmt.format(record) File "/usr/local/lib/python2.3/logging/__init__.py", line 369, in format s = s + self.formatException(record.exc_info) File "/usr/local/lib/python2.3/logging/__init__.py", line 342, in formatException traceback.print_exception(ei[0], ei[1], ei[2], None, sio) File "/usr/local/lib/python2.3/traceback.py", line 123, in print_exception print_tb(tb, limit, file) File "/usr/local/lib/python2.3/traceback.py", line 68, in print_tb line = linecache.getline(filename, lineno) File "/usr/local/lib/python2.3/linecache.py", line 14, in getline lines = getlines(filename) RuntimeError: maximum recursion depth exceeded
We need more of the traceback, there is no repeating part here so it's impossible to see what's causing the infinite recursion...
I am not sure how to get the whole traceback...
Well, where did you see the above?
Chris, could you put this into Zope issue tracker (with security tick as I do not want to make this info public right now)? (I've tried but I do not have an account there..)
No, there's nothing stopping you registering at zope.org and doing this yourself. Furhtermore, I'd guess this is likely a bug in your code and nothing to do with Zope ;-) (of course, I could be wrong on that, but I haven't seen any evidence yet) cheers, Chris -- Simplistix - Content Management, Zope & Python Consulting - http://www.simplistix.co.uk
Chris Withers wrote:
(please keep the list CC'ed in)
Roman Susi wrote:
What do you mean by freezes? how did you cause this to happen?
Surely, this is not only a bug but a security issue leading to DOS attack, IMHO.
Well, it's a pretty weird use case from what I can see...
Still, it is unclear why it happens...
Traceback (most recent call last): File "/usr/local/lib/python2.3/logging/__init__.py", line 674, in emit msg = self.format(record) File "/usr/local/lib/python2.3/logging/__init__.py", line 567, in format return fmt.format(record) File "/usr/local/lib/python2.3/logging/__init__.py", line 369, in format s = s + self.formatException(record.exc_info) File "/usr/local/lib/python2.3/logging/__init__.py", line 342, in formatException traceback.print_exception(ei[0], ei[1], ei[2], None, sio) File "/usr/local/lib/python2.3/traceback.py", line 123, in print_exception print_tb(tb, limit, file) File "/usr/local/lib/python2.3/traceback.py", line 68, in print_tb line = linecache.getline(filename, lineno) File "/usr/local/lib/python2.3/linecache.py", line 14, in getline lines = getlines(filename) RuntimeError: maximum recursion depth exceeded
We need more of the traceback, there is no repeating part here so it's impossible to see what's causing the infinite recursion...
I am not sure how to get the whole traceback...
Well, where did you see the above?
In the log.
Chris, could you put this into Zope issue tracker (with security tick as I do not want to make this info public right now)? (I've tried but I do not have an account there..)
No, there's nothing stopping you registering at zope.org and doing this yourself. Furhtermore, I'd guess this is likely a bug in your code and nothing to do with Zope ;-) (of course, I could be wrong on that, but I haven't seen any evidence yet)
Even if it is in my code, it is still too bad to get down the whole Zope server. Also, it was confirmed as a bug.
cheers,
Chris
Regards, Roman
Roman Susi wrote:
Even if it is in my code, it is still too bad to get down the whole Zope server. Also, it was confirmed as a bug.
Where and who by? Chris -- Simplistix - Content Management, Zope & Python Consulting - http://www.simplistix.co.uk
Chris Withers wrote:
Roman Susi wrote:
Even if it is in my code, it is still too bad to get down the whole Zope server. Also, it was confirmed as a bug.
Where and who by?
At Zope.org issue tracker by ajung. However, it is not seen as it is security related.
Chris
--On 9. Dezember 2005 08:04:04 +0200 Roman Susi <rnd@onego.ru> wrote:
Chris Withers wrote:
Roman Susi wrote:
Even if it is in my code, it is still too bad to get down the whole Zope server. Also, it was confirmed as a bug.
Where and who by?
At Zope.org issue tracker by ajung. However, it is not seen as it is security related.
I did not confirm it as bug. I said that it is possibly a bug but nothing that worries me so much. -aj
Andreas Jung wrote:
--On 9. Dezember 2005 08:04:04 +0200 Roman Susi <rnd@onego.ru> wrote:
Chris Withers wrote:
Roman Susi wrote:
Even if it is in my code, it is still too bad to get down the whole Zope server. Also, it was confirmed as a bug.
Where and who by?
At Zope.org issue tracker by ajung. However, it is not seen as it is security related.
I did not confirm it as bug. I said that it is possibly a bug but nothing that worries me so much.
-aj
Hi! I've found the reason for original bug I hit. The recursion was in my code (and gone away after I corrected it). However, the bug I reported to Zope.org is still there. I think its a bug to freeze the whole server by maximum-recursion-reached error in a product... Regards, Roman
--On 9. Dezember 2005 15:33:38 +0200 Roman Susi <rnd@onego.ru> wrote:
Hi!
I've found the reason for original bug I hit. The recursion was in my code (and gone away after I corrected it). However, the bug I reported to Zope.org is still there. I think its a bug to freeze the whole server by maximum-recursion-reached error in a product...
There is always a chance to bring Zope down by writing bad code. But I still do not understand if this is really a Zope problem or just an example of stupid code. -aj
Andreas Jung wrote:
--On 9. Dezember 2005 15:33:38 +0200 Roman Susi <rnd@onego.ru> wrote:
Hi!
I've found the reason for original bug I hit. The recursion was in my code (and gone away after I corrected it). However, the bug I reported to Zope.org is still there. I think its a bug to freeze the whole server by maximum-recursion-reached error in a product...
There is always a chance to bring Zope down by writing bad code. But I still do not understand if this is really a Zope problem or just an example of stupid code.
Not sure if filesystem based products qualify, but its like saying that ´is it operating system problem or stupid application code which brings OS down'. One misbehaving code should not bring down the whole framework, IMHO.
-aj
Regards, Roman
--On 10. Dezember 2005 10:36:16 +0200 Roman Susi <rnd@onego.ru> wrote:
Not sure if filesystem based products qualify, but its like saying that ´is it operating system problem or stupid application code which brings OS down'. One misbehaving code should not bring down the whole framework, IMHO.
Tell me any application or framewokr that you can't bring down with stupid code :-) In this point Zope is neither better nor worse than any other system. -aj
Roman Susi wrote:
Not sure if filesystem based products qualify, but its like saying that ´is it operating system problem or stupid application code which brings OS down'. One misbehaving code should not bring down the whole framework, IMHO.
What is the issue number for this in the zope collector? Chris -- Simplistix - Content Management, Zope & Python Consulting - http://www.simplistix.co.uk
Chris Withers wrote:
Roman Susi wrote:
Not sure if filesystem based products qualify, but its like saying that ´is it operating system problem or stupid application code which brings OS down'. One misbehaving code should not bring down the whole framework, IMHO.
What is the issue number for this in the zope collector?
1964
Chris
participants (3)
-
Andreas Jung -
Chris Withers -
Roman Susi