[Zope] ExternalMethod - add new parameter
rishi pathak
mailmaverick666 at gmail.com
Tue Apr 8 08:33:05 EDT 2008
Hi Dieter,
I don't have a need to run all the external methods as root, only
some of them. For this, what I was thinking was to introduce a new control
apart from the regular ones, viz.
id, title, Module Name and Function Name, by the name of 'Run as root'; it
would probably be a checkbox. Then at the point when external method code is
executed I would check for the said control and, if checked, would get it
executed as root.
Can you tell me where I should look in the source (code segment where
external methods are loaded and executed)?
On Tue, Apr 8, 2008 at 12:50 AM, Dieter Maurer <dieter at handshake.de> wrote:
> rishi pathak wrote at 2008-4-7 17:46 +0530:
> >There is a requirement for running some external methods as super user.
> >For this I thought of adding a new parameter. If set the code would be
> >executed with effective uid of root.
>
> This is extremely dangerous.
>
> To run code as super user, you need to change the effective user id.
> Changing the effective user id affects the whole process -- not just
> the thread executing your external method.
> These things are very difficult to handle in a multi threaded environment,
> in general.
> Moreover, running internet driven code uncontrolled as super user
> is likely to be a big security risk.
>
>
> Let your application write some command to a queue and process
> the queue asynchronously. The processing can be performed as
> super user.
>
> If this is not possible, let your application communicate
> with another process which runs as super user -- and pass on
> synchronous commands from your application to this process.
>
> In both cases, it is ensured that only the restricted command
> set can be used to run something as super user -- and
> not some arbitrary code....
>
>
>
> --
> Dieter
>
--
Regards--
Rishi Pathak
National PARAM Supercomputing Facility
Center for Development of Advanced Computing(C-DAC)
Pune University Campus,Ganesh Khind Road
Pune-Maharastra
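
The following is an added example, not part of the original thread or of Zope's code. It sketches the request check a separate root-owned helper process could apply so that only a restricted command set is reachable from the web application, as suggested in the quoted reply. The command names, binary paths, argument patterns and JSON request format are assumptions; the queue or socket transport is left out.

```python
import json
import re
import subprocess

# Hypothetical allow-list: request name -> (fixed argv prefix, one pattern per argument).
# Names, paths and patterns are illustrative assumptions, not taken from the thread.
ALLOWED = {
    "restart_unit": (["/usr/bin/systemctl", "restart"], [re.compile(r"apache2|postfix")]),
    "add_user": (["/usr/sbin/useradd"], [re.compile(r"[a-z][a-z0-9]{2,15}")]),
}


class Rejected(Exception):
    """The request is outside the restricted command set."""


def build_argv(raw):
    """Map one JSON request from the unprivileged app to a fixed argv, or raise Rejected."""
    try:
        req = json.loads(raw)
        name, args = req["cmd"], req["args"]
    except (ValueError, KeyError, TypeError):
        raise Rejected("malformed request") from None
    if not isinstance(name, str) or name not in ALLOWED:
        raise Rejected("unknown command")
    prefix, patterns = ALLOWED[name]
    if not isinstance(args, list) or len(args) != len(patterns):
        raise Rejected("wrong argument count")
    for arg, pattern in zip(args, patterns):
        # fullmatch: the whole argument must fit the pattern, so no options,
        # shell metacharacters or trailing newlines get through.
        if not isinstance(arg, str) or not pattern.fullmatch(arg):
            raise Rejected("argument not allowed")
    return prefix + args


def handle(raw, run=subprocess.run):
    """Runs inside the privileged helper: validate first, then execute without a shell."""
    try:
        argv = build_argv(raw)
    except Rejected as exc:
        return {"ok": False, "error": str(exc)}
    # The caller never supplies the binary path; it only selects an entry and its arguments.
    result = run(argv, shell=False, capture_output=True, timeout=30)
    return {"ok": result.returncode == 0}
```

The Zope process stays unprivileged and only ever sends a command name plus arguments; anything not in `ALLOWED` is refused before a process is started.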