[Zope] root privileges required

Chris McDonough chrism at plope.com
Tue Jul 27 13:14:23 EDT 2004


I hate it when people "nanny" me about doing things that are possible
but outside of the scope of normal usage, so I hesitate to warn you
about this.  But I still feel compelled to warn you that running Zope as
root is not advisable; while there have been no known remote exploits of
Zope that allow an intruder any form of filesystem access, obviously
it's possible, so running as root is potentially quite dangerous.

On Tue, 2004-07-27 at 11:37, Vangelis Mihalopoulos wrote:
> Rodrigo Dias Arruda Senra wrote:
> 
> > Hi,
> > wouldn't be more wise just setuid (chmdo -s) some external method['s],
> > doing inside it[them] you root 'necessities' ;o)?
> >  
> >
> 
> thanks for your answer Rod,
> 
> nice thinking, but i am not sure it would work... external methods are 
> called in the same thread serving the request... so, how would a suid 
> affect anything? It could only be useful if i "executed" suid python 
> scripts from an external method, and thus creating a new process... i 
> have to test it to be sure.
> 
> _______________________________________________
> Zope maillist  -  Zope at zope.org
> http://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists - 
>  http://mail.zope.org/mailman/listinfo/zope-announce
>  http://mail.zope.org/mailman/listinfo/zope-dev )
> 



More information about the Zope mailing list