[Zope-dev] Security/Acquisition Bug? (take two)
Charlie Wilkinson
cwilkins@boinklabs.com
Sun, 12 Nov 2000 23:39:53 -0500
On Sun, Nov 12, 2000 at 11:42:32PM +0100, Dieter Maurer waxed eloquent:
>
> I tried it on my ZopeCVS installation.
> The Python parts are quite new. The C-part is about 2 weeks old.
>
> I can not observe what you describe.
> "/index_html" can be viewed as "Annonymous" without any
> change in permissions.
Hi Dieter,
Thanks for investigating. I also gave it another try, with the same
results as my previous attempts. Maybe I'm doing something dumb?
I have followed exactly these steps (as a regular user):
1. mkdir Zope2
2. cvs -z7 -d :pserver:anonymous@cvs.zope.org:/cvs-repository checkout Zope2
3. cd Zope2
4. python wo_pcgi.py
5. python zpasswd.py -u XXXXXX -p XXXXXX access
6. Edit start file (for port change and stupid log):
#! /bin/sh
reldir=`dirname $0`
PYTHONHOME=`cd $reldir; pwd`
export PYTHONHOME
exec /usr/bin/python \
$PYTHONHOME/z2.py -P 9000 \
-D "$@" STUPID_LOG_FILE=$PYTHONHOME/zope.log
7. ./start &
8. Visit http://www.boinklabs.com:9080/index_html
8. Get BASICAUTH login box... ??
Box is Redhat 6.0 with updates, Python 1.5.2 from source. CVS is v1.10.5.
The only bit I left out was setting up the CVS login on a prior occasion:
cvs -d :pserver:anonymous@cvs.zope.org:/cvs-repository login
-cw-
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Charlie Wilkinson - cwilkins@boinklabs.com - N3HAZ
Parental Unit, UNIX Admin, Homebrewer, Cat Lover, Spam Fighter, HAM, SWLer...
Visit the Radio For Peace International Website: http://www.rfpi.org/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CLOBBER INTERNET SPAM: See!! <http://spam.abuse.net/>
Join!! <http://www.cauce.org/>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
QOTD:
Al Gore: Please, just concede. I can't handle another four years of
whiney Republican bumper stickers!