[Zope-dev] WebDAV File Descriptor Leak
Jamie Heilman
jamie@audible.transient.net
Tue, 27 May 2003 15:00:56 -0700
Brian Brinegar wrote:
> Though we are planning to migrate to Zope 2.6.2 in early July. Are
> there changes in Zope 2.6.2 that would effect this?
I seem to recall CVS commit messages to the effect.
> /var/tmp/@19004.1930 (deleted)
It should be noted, on a multiuser machine, /var/tmp is not a safe
place to store Python 2.2.2 and earlier's insecure tempfile.py made
files. Setting the TMPDIR variable for Zope to a directory which only
the zope user may write to is recommended to avoid a potential DoS
vulnerability. My understanding is that this is finally addressed in
python 2.3.
--
Jamie Heilman http://audible.transient.net/~jamie/
"We must be born with an intuition of mortality. Before we know the words
for it, before we know there are words, out we come bloodied and squalling
with the knowledge that for all the compasses in the world, there's only
one direction, and time is its only measure." -Rosencrantz