[Zope-dev] WebDAV File Descriptor Leak

Jamie Heilman jamie@audible.transient.net
Tue, 27 May 2003 15:00:56 -0700


Brian Brinegar wrote:

> Though we are planning to migrate to Zope 2.6.2 in early July. Are
> there changes in Zope 2.6.2 that would affect this?

I seem to recall CVS commit messages to that effect.
 
> /var/tmp/@19004.1930 (deleted)

It should be noted, on a multiuser machine, /var/tmp is not a safe
place to store Python 2.2.2 and earlier's insecure tempfile.py made
files.  Setting the TMPDIR variable for Zope to a directory which only
the zope user may write to is recommended to avoid a potential DoS
vulnerability.  My understanding is that this is finally addressed in
Python 2.3.

-- 
Jamie Heilman                   http://audible.transient.net/~jamie/
"We must be born with an intuition of mortality.  Before we know the words
 for it, before we know there are words, out we come bloodied and squalling
 with the knowledge that for all the compasses in the world, there's only
 one direction, and time is its only measure."		-Rosencrantz
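
Added example, not part of the original message and not Zope's own code: a Python check that a directory is suitable as the private TMPDIR recommended above (a real directory, owned by the service user, not writable by group or others), plus a helper that creates one. The function names and the "zope-tmp" directory name are hypothetical.

```python
import os
import stat
import tempfile


def tmpdir_problems(path, uid=None):
    """Return the reasons `path` is unsafe as a private TMPDIR ([] if none)."""
    uid = os.geteuid() if uid is None else uid
    try:
        st = os.lstat(path)  # lstat: never follow a link another user planted
    except OSError as exc:
        return ["cannot stat %s: %s" % (path, exc)]
    if stat.S_ISLNK(st.st_mode):
        return ["is a symlink"]
    if not stat.S_ISDIR(st.st_mode):
        return ["is not a directory"]
    problems = []
    if st.st_uid != uid:
        problems.append("owned by uid %d, expected %d" % (st.st_uid, uid))
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("group- or world-writable (mode %o)"
                        % stat.S_IMODE(st.st_mode))
    return problems


def make_private_tmpdir(parent, name="zope-tmp"):
    """Create parent/name with mode 0700; fails if the name already exists."""
    path = os.path.join(parent, name)
    os.mkdir(path, 0o700)
    os.chmod(path, 0o700)  # make the mode explicit, independent of umask
    return path


if __name__ == "__main__":
    # Constructed demo: a /var/tmp-like shared directory versus a private one.
    base = tempfile.mkdtemp()
    shared = os.path.join(base, "shared")
    os.mkdir(shared)
    os.chmod(shared, 0o1777)  # same permissions as a typical /var/tmp
    private = make_private_tmpdir(base)
    for candidate in (shared, private):
        print(candidate, tmpdir_problems(candidate) or "ok")
    # Point tempfile at the private directory, as setting TMPDIR would.
    os.environ["TMPDIR"] = private
    tempfile.tempdir = None  # drop the cached default so TMPDIR is re-read
    print("tempfile now uses", tempfile.gettempdir())
```

Run the check as the user the service runs as, before starting it with TMPDIR set to that directory.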