[Zope] Re: Zope Version
Jamie Heilman
jamie at audible.transient.net
Tue Mar 23 05:01:31 EST 2004
Toby Dickenson wrote:
> Suppose your Zope server is compromised. Your event log and access
> log are critical for detecting the compromise, and then diagnosing
> the flaw that led to the compromise. Currently the Zope server
> process has privileges to rewrite all of its log files, so it is
> possible for anyone who has broken into a Zope server to remove all
> traces of their presence.
>
> Apache does this right. Its worker processes run under the 'httpd'
> uid, but its log files are accessible only by root. When the worker
> process is started it is given a pipe filedescriptor, and a seperate
> process running as root copies log entries out of the pipe and into
> the log file. A compromised worker process can generate fake log
> entries, but it cant remove old ones.
Uh... or you could just write the logs to a pipe and have a
non-privileged reader process write them to disk. Like, oh,
daemontools.
--
Jamie Heilman http://audible.transient.net/~jamie/
More information about the Zope
mailing list