[Zope] still bad perception of Zope about security
Reinoud van Leeuwen
reinoud@xs4all.nl
Mon, 25 Jun 2001 10:15:54 +0200 (CEST)
>>
>> So I think something has to be done to restore Zope confidence around
>> ISPs, but unfortunately I don't know what.
>>
>
> This might not be relevant to your ISP's setup, but
> since Zope normally shouldn't access anything
> outside its $HOME, shouldn't it be fairly
> straightforward to set up the ZServer to use a
> restricted environment (rexec)? Alternatively one
> could do a chroot() before starting the server. Have
> anybody hacked the ZServer to run restricted?
I run Zope on a FreeBSD box in a jail (that is a chrooted environment that
acts like a standalone Unix box). It is fairly simple to setup (just follow
the examples in 'man jail'). No changes were needed in any Zope code.
Reinoud