[Zope-dev] Security/Acquisition Bug? (take two)

Charlie Wilkinson cwilkins@boinklabs.com
Sun, 12 Nov 2000 23:39:53 -0500


On Sun, Nov 12, 2000 at 11:42:32PM +0100, Dieter Maurer waxed eloquent:
> 
> I tried it on my ZopeCVS installation.
> The Python parts are quite new. The C-part is about 2 weeks old.
> 
> I can not observe what you describe.
> "/index_html" can be viewed as "Annonymous" without any
> change in permissions.

Hi Dieter,
Thanks for investigating.  I also gave it another try, with the same
results as my previous attempts.  Maybe I'm doing something dumb?
I have followed exactly these steps (as a regular user):

1. mkdir Zope2

2. cvs -z7 -d :pserver:anonymous@cvs.zope.org:/cvs-repository checkout Zope2

3. cd Zope2

4. python wo_pcgi.py

5. python zpasswd.py -u XXXXXX -p XXXXXX access

6. Edit start file (for port change and stupid log):

	#! /bin/sh
	reldir=`dirname $0`
	PYTHONHOME=`cd $reldir; pwd`
	export PYTHONHOME
	exec /usr/bin/python \
	     $PYTHONHOME/z2.py -P 9000 \
	     -D "$@" STUPID_LOG_FILE=$PYTHONHOME/zope.log

7. ./start &

8. Visit http://www.boinklabs.com:9080/index_html

8. Get BASICAUTH login box...  ??

Box is Redhat 6.0 with updates, Python 1.5.2 from source.  CVS is v1.10.5.
The only bit I left out was setting up the CVS login on a prior occasion:

	cvs -d :pserver:anonymous@cvs.zope.org:/cvs-repository login

-cw-

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            Charlie Wilkinson - cwilkins@boinklabs.com - N3HAZ
Parental Unit, UNIX Admin, Homebrewer, Cat Lover, Spam Fighter, HAM, SWLer...
    Visit the Radio For Peace International Website: http://www.rfpi.org/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            CLOBBER INTERNET SPAM:  See!! <http://spam.abuse.net/>        
                                   Join!! <http://www.cauce.org/>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
QOTD:
Al Gore: Please, just concede.  I can't handle another four years of
whiney Republican bumper stickers!