[Zope-dev] How (in)secure is Zope?
Jamie Heilman
jamie@audible.transient.net
Wed, 12 Mar 2003 18:26:51 -0800
Christian Tismer wrote:
> This is quite a silly argument, IMHO.
No its not, you can't give exact answers to inexact questions with no
prior understanding of how much foreknowledge the audience has.
Especially when you're talking about security.
> It is simple: Do I increase the possibility of somebody
> to obtain root rights, or do I not?
Given that there is no good reason to run Zope as root, assuming you
don't configure Zope to fly in the face of reason, and assuming you
discount the possiblity of exacerbating other external vulnerabilities
your system may have (which is a stupid thing to discount IMO), then
no, Zope doesn't increase the possiblity of obtaining root privileges.
--
Jamie Heilman http://audible.transient.net/~jamie/
"You came all this way, without saying squat, and now you're trying
to tell me a '56 Chevy can beat a '47 Buick in a dead quarter mile?
I liked you better when you weren't saying squat kid." -Buddy