[Zope-dev] Re: Unsecure design of ExternalFile
Dieter Maurer
dieter@handshake.de
Fri, 22 Nov 2002 19:59:47 +0100
Wei He writes:
> ...
> I have an idea, but don't know whether it is possible:
> set uid.
>
> If there is a way Zope server can change uid to a predefined
> one before accessing an externally linked file, each webmaster
> will have permission to their own home directory plus some
> shared directories to which all webmasters have permission.
Forget about this in a multi-threaded process (with almost
independent threads).
The "uid/gid" are process global things.
Interesting things happen when threads asynchronously
change it.
In order to be able to switch users, Zope must run with
"root" privileges -- a huge security risk.
> Then I can create system accounts for each webmaster,
Give each webmaster its own Zope process.
Dieter