I've created patches for Zope 2.5.0b4, 2.4.3, and 2.3.3 that resolve a number of issues on UNIX systems, including insecure setuid() support and insecure file permissions. You can get these patches on their product page (href="http://www.zope.org/Members/zigg/UnixSecurityPatch/).