[Zope-Coders] new zLOG

[Chris McDonough]

On Wed, 2002-11-27 at 11:08, Toby Dickenson wrote:
> On Wednesday 27 November 2002 3:34 pm, Chris McDonough wrote:
> 
> > Since file-logging is the lowest-common-denominator across platforms,
> > it's likely going to be the default.
> 
> Yes, it is not possible to have the same code work across all platforms 
> without dropping the security requirement.

I think I see what you're saying now.  Thanks for explaining it, it
makes sense.

Nonetheless, I propose that for the default Zope setup run as root we do
the "less secure" thing, which is to write the logfile as the effective
user, logging to stderr until this can be done.

Then we make it clear in some piece of documentation that if you care
deeply about logfile integrity to service a security goal, you should
use a system-specific log handler that avoids the problem (NT event log,
syslog, whatever).  The new configuration system will make this very
easy to do.

I recognize that this is not best practice as far as security goes, but
I think the responsibility is still in the right place:  the sysadmin
must secure the installation to the best of his ability.  As long as we
inform them of the risk of keeping the default settings, I think our job
is done.

dissent?

- C