[Zope] root privileges required
Michael Ekstrand
michael-zope at elehack.net
Tue Jul 27 14:36:19 EDT 2004
On Tuesday 27 July 2004 12:22, Vangelis Mihalopoulos wrote:
> Well, i agree with you. But, still, using suid python scripts for
> half of my app is a problem... believe me, it will be much easier for
> someone to find a security flaw in my app than is Zope... :)
Another idea... don't know how worthy it is, feel free to shoot it
down... (but I'd appreciate knowing what's wrong with it for my own
education :-)).
What if you encapsulated your code that must run as root in some kind of
daemon that listens locally only? Either network, and protected by a
file, or maybe use a Unix domain socket or similar mechanism. Either
use a proprietary protocol, or maybe have it serve up XML-RPC. Force
all interaction between Zope and this code to use a defined interface.
It would give you a place to do sanity checking on the commands being
fed to the privileged code, and I would think it would provide some
protection of the root code from a Zope compromise. To exploit your
code, an attacker must first compromise Zope, and then figure out how
to get your code to misbehave.
Just my $0.02
-Michael
More information about the Zope
mailing list