Re: [Zope-dev] How (in)secure is Zope?
My answer to this is:

1. Protecting yourself from your users: Zope's fine-grained access control means that you can set up access restrictions that do exactly what you want, let users do what they need, and prevent them from doing what they should not. Obviously you can also make everybody do everything, so how secure a piece of software is in this sense is not a measure of how secure your installation is, but of how secure it CAN be. In this sense Zope is VERY secure.

2. Protecting yourself from packet snooping: Zope doesn't have any encryption built in; SSL needs external software to implement, for example. In this sense Zope can be MADE secure with some work, but is not secure at all out of the box.

3. Protecting yourself against forceful entry: To my knowledge, nobody has cracked open a reasonably correctly configured Zope server yet. If this is because nobody has tried or nobody has succeeded, I wouldn't know. Security by obscurity does not help against the determined hacker, but it helps against script kids, and they are a more common problem. Zope is probably secure in this sense.

4. Protecting yourself against data loss: The ZODB is very resilient against crashes and data loss. Making a simple backup each day is plenty. Zope is VERY secure in this sense.

5. Protecting yourself against denial of service: Zope does not seem to crash if you send random data to it, and I have seen in logs attempts to overflow buffers and the like that obviously are attempts to crash or break in to other (MS) servers, without this affecting Zope at all. If you don't trust Zope in this, you can put Apache in front of it. In this sense Zope is again VERY secure.

So all in all, Zope is a pretty good choice from this standpoint. I wouldn't use it without external SSL stuff if I were a bank, but otherwise I'm perfectly confident in the stability and security of Zope.

___
Zope-Dev maillist - [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding!
** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope3-dev] Re: [Zope-dev] How (in)secure is Zope?
> So I think we can reliably say that stock Zope is secure. An insecure product, on the other hand, opens up many possibilities, but that ought to be the subject of a different discussion.

...and if we do have that discussion, can it please be on [EMAIL PROTECTED], and not cross-posted to both [EMAIL PROTECTED] and [EMAIL PROTECTED]. Unless the discussion is about Zope 3 products, in which case it should be on only [EMAIL PROTECTED].

--
Steve Alexander
Re: [Zope-dev] How (in)secure is Zope?
Lennart Regebro wrote:
> 5. Protecting yourself against denial of service: Zope does not seem to crash if you send random data to it, and I have seen in logs attempts to overflow buffers and the like that obviously are attempts to crash or break in to other (MS) servers, without this affecting Zope at all. If you don't trust Zope in this, you can put Apache in front of it. In this sense Zope is again VERY secure.

No it isn't.

(Somewhere far in the distance Rainer Wolfcastle is heard crying, "My RAM! The proxies, they do nothing!")
Re: [Zope-dev] How (in)secure is Zope?
On Thursday 13 March 2003 5:21 am, Shane Hathaway wrote:
> The only vulnerability would involve trusted users who want to vandalize Zope. So even though there have been many hotfixes, they are irrelevant--Zope is still secure. (Unless you can't trust your trusted users, which is a different problem.)

Of course you can't *completely* trust your trusted users. That's why we have separate user accounts, and separate roles.

IMO: Zope is sufficiently vulnerable to abuse from trusted users to justify concern.

The normal Zope development model is to consider normal Python code as trusted - normal Python code can do anything without security checks. Zope has many normal Python methods that can be called by through-the-web code (after permission checking). In Unix terms this is equivalent to having many setuid root programs. IMO concern can be justified without needing to find a specific exploit.

From this point of view, Jamie's advocacy of using Unix mechanisms to restrict this 'trusted' Python code is valuable.

On Thursday 13 March 2003 1:58 am, Jamie Heilman wrote:
> I will go on record as saying that, recently, response times to security related issues in the Zope2 tree have been disappointing. Construe from that what you will.

It is hard to find time for security work among the feature rush of the cvs trunk, and without compromising the stability of the maintenance branch.

Would there be any interest from other developers in addressing these potential security issues in a *fork* starting with the 2.6 maintenance branch?

(reply-to set to zope-dev)

--
Toby Dickenson
http://www.geminidataloggers.com/people/tdickenson
Re: [Zope-dev] How (in)secure is Zope?
Jamie Heilman wrote:
>> In this sense Zope is again VERY secure.
>
> No it isn't.

A statement like that without an argument is worthless in a discussion. You need to elaborate, as we cannot read your mind and see what lies behind the statement.

regards Max M
Re: [Zope-dev] How (in)secure is Zope?
On Thursday 13 March 2003 9:25 am, Lennart Regebro wrote:
> 5. Protecting yourself against denial of service: Zope does not seem to crash if you send random data to it, and I have seen in logs attempts to overflow buffers and the like that obviously are attempts to crash or break in to other (MS) servers, without this affecting Zope at all.

There is evidence that this is not true.

> If you don't trust Zope in this, you can put Apache in front of it. In this sense Zope is again VERY secure.

Zope is insecure.

Zope + Squid (or Apache or Pound) + OS resource limits + careful choice of products is secure.

(Note that I don't consider this a flaw in Zope.)

--
Toby Dickenson
http://www.geminidataloggers.com/people/tdickenson
Re: [Zope-dev] How (in)secure is Zope?
Max M wrote:
> A statement like that without an argument is worthless in a discussion. You need to elaborate as we cannot read your mind and see what lies behind the statement.

My statement wasn't really aimed at you, sorry, I'm not playing fair. My statement was aimed at people who don't have to read my mind because they've been informed, and I'm making it in a public forum to be a pain in the ass. I've already mentioned I have outstanding security related bugs in the collector, and as Toby noted I've been vocal on the value of process separation and resource limits. This isn't a coincidence.

Without properly configured resource limits, it is trivial to use an exposed Zope instance to exhaust host resources. This isn't entirely Zope's problem, this is usually an issue of misconfiguration. For example, until Zope 2.6, ZServer imposed no length limits on HTTP request headers. (These headers are read directly into memory, thus it was fairly easy to exhaust the memory of a host without resource limits.) When I found that out I reported it as a bug, and it was promptly addressed. (kudos) Now it could easily be argued, and I wouldn't be inclined to really disagree, that header length limits should be configured by the fronting server. What I didn't appreciate at the time is just how important a front-end proxy server is for Zope. If you expose Zope to a hostile network, it is mandatory. So now I don't consider this kind of thing a bug in Zope, unless Zope happens to make it possible to drastically amplify the effects of such an attack (at which point crashing Zope by running it into a resource limit becomes trivial) and a front-end proxy is unable or unlikely to thwart the attack.

Zope's bug collector hides security related bugs until they are deemed worthy of display by the controllers. Personally I think full disclosure is preferable to secrecy, but I'm willing to play by the rules laid down as long as I think the system is working for the general benefit of the community. You may have noticed I haven't been terribly secretive about recent cross site scripting or cache poisoning issues, and that can be attributed to, in part, my growing dissatisfaction with the system.

--
Jamie Heilman http://audible.transient.net/~jamie/
"Paranoia is a disease unto itself, and may I add, the person standing next to you may not be who they appear to be, so take precaution." -Sathington Willoughby
Re: [Zope-dev] How (in)secure is Zope?
Jamie Heilman wrote:
> Without properly configured resource limits, it is trivial to use an exposed Zope instance to exhaust host resources.

If this is a real risk for you, you should be using per-process limits to make sure that the host can't be completely destroyed. Sure, Zope will fall over when it hits the limit, but that's better than taking out the whole host. Yes, the existing bugs should (and probably will) be addressed as they're found, but as a belt-and-braces kinda thing, limits are also useful.

> Zope's bug collector hides security related bugs until they are deemed worthy of display by the controllers. Personally I think full disclosure is preferable to secrecy, but I'm willing to play by the rules laid down as long as I think the system is working for the general benefit of the community. You may have noticed I haven't been terribly secretive about recent cross site scripting or cache poisoning issues, and that can be attributed to, in part, my growing dissatisfaction with the system.

That's really a separate issue that is a Zope Corp thing to address...

Anthony

--
Anthony Baxter [EMAIL PROTECTED]
It's never too late to have a happy childhood.
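An added example, not code from Zope, ZServer or any of the posters, of the two controls discussed in Jamie's and Anthony's messages above: a header reader that caps line and total size so an oversized request is rejected after a bounded read, beside an uncapped reader of the kind Jamie describes for pre-2.6 ZServer, plus a per-process address-space limit applied with `resource.setrlimit`. The size limits and the sample requests are assumed values constructed for the illustration.

```python
import io


MAX_HEADER_LINE = 4096      # assumed: longest single header line accepted
MAX_HEADER_BLOCK = 8192     # assumed: total bytes accepted for the header block


class HeaderTooLarge(Exception):
    """Raised when a client sends more header data than the server will accept."""


def read_headers_unbounded(stream):
    """Accumulate header lines until the blank line ending the header block.

    Memory use grows with whatever the peer sends, which is the shape of the
    pre-2.6 ZServer behaviour described in the thread. Shown only to contrast
    with the bounded reader below.
    """
    buf = b""
    while True:
        line = stream.readline()
        if not line or line in (b"\r\n", b"\n"):
            return buf
        buf += line


def read_headers_bounded(stream, max_line=MAX_HEADER_LINE,
                         max_block=MAX_HEADER_BLOCK):
    """Parse the header block into a dict, refusing oversized input early.

    readline(max_line + 1) caps how much is pulled from the socket per call,
    so a multi-megabyte header costs at most max_line + 1 bytes before it is
    rejected; the total across all header lines is capped as well.
    """
    headers = {}
    total = 0
    while True:
        line = stream.readline(max_line + 1)
        if not line:
            raise ValueError("connection closed before end of headers")
        if len(line) > max_line:
            raise HeaderTooLarge("header line exceeds %d bytes" % max_line)
        total += len(line)
        if total > max_block:
            raise HeaderTooLarge("header block exceeds %d bytes" % max_block)
        if line in (b"\r\n", b"\n"):
            return headers
        name, sep, value = line.partition(b":")
        if not sep:
            raise ValueError("malformed header line: %r" % line[:40])
        headers[name.strip().lower()] = value.strip()


def parse_header_block(data):
    """Convenience wrapper: run the bounded reader over an in-memory block."""
    return read_headers_bounded(io.BytesIO(data))


def rejected(data):
    """True when the bounded reader refuses the block as too large."""
    try:
        parse_header_block(data)
    except HeaderTooLarge:
        return True
    return False


def apply_process_limits(max_address_space):
    """Belt-and-braces, as Anthony suggests: cap this process's virtual memory
    so a resource-exhaustion bug takes down only Zope, not the host.
    POSIX only; the value is in bytes."""
    import resource
    resource.setrlimit(resource.RLIMIT_AS, (max_address_space, max_address_space))


# Constructed sample inputs: an ordinary header block and a hostile one that
# carries a single header of one mebibyte.
NORMAL_REQUEST = b"Host: example.invalid\r\nUser-Agent: test\r\n\r\n"
HOSTILE_REQUEST = (b"Host: example.invalid\r\n"
                   b"X-Pad: " + b"A" * (1 << 20) + b"\r\n\r\n")


def demo():
    """Feed the hostile block to both readers; return the bytes each consumed."""
    unbounded = io.BytesIO(HOSTILE_REQUEST)
    read_headers_unbounded(unbounded)
    bounded = io.BytesIO(HOSTILE_REQUEST)
    try:
        read_headers_bounded(bounded)
    except HeaderTooLarge:
        pass
    return unbounded.tell(), bounded.tell()


if __name__ == "__main__":
    consumed_unbounded, consumed_bounded = demo()
    print("unbounded reader consumed %d bytes" % consumed_unbounded)
    print("bounded reader consumed %d bytes before rejecting" % consumed_bounded)
```

The bounded reader stops after roughly one line cap of the hostile block, while the unbounded one buffers the whole mebibyte; the process limit is the backstop for everything the reader does not catch.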
Re: [Zope-dev] How (in)secure is Zope?
On Thu, 13 Mar 2003, Toby Dickenson wrote:
> On Thursday 13 March 2003 5:21 am, Shane Hathaway wrote:
>> The only vulnerability would involve trusted users who want to vandalize Zope. So even though there have been many hotfixes, they are irrelevant--Zope is still secure. (Unless you can't trust your trusted users, which is a different problem.)
>
> Of course you can't *completely* trust your trusted users. That's why we have separate user accounts, and separate roles.
>
> IMO: Zope is sufficiently vulnerable to abuse from trusted users to justify concern.
>
> The normal Zope development model is to consider normal Python code as trusted - normal Python code can do anything without security checks. Zope has many normal Python methods that can be called by through-the-web code (after permission checking). In Unix terms this is equivalent to having many setuid root programs. IMO concern can be justified without needing to find a specific exploit.
>
> From this point of view, Jamie's advocacy of using Unix mechanisms to restrict this 'trusted' Python code is valuable.

I agree with you in principle, but your choice of words leads an outsider to believe that a vulnerability in Zope's internal security model is a root exploit. The truth is that a vulnerability in Zope's internal security model can only setuid to the privileges of the owner of the Zope process, and root doesn't own the Zope process. On most systems, Zope is owned by an independent, restricted user. To get root privileges, the user would still have to make use of a root exploit outside Zope. Yes, Zope's internal security model is currently too fragile, since any product can break the barriers, but Zope 3 is working to deal with that.

Shane
Re: [Zope-dev] How (in)secure is Zope?
Christian Tismer wrote:
> Dear Zope community, please excuse my ignorance, but I am asked from time to time how secure or insecure Zope actually is, and I always have to say that I actually don't know. There are people claiming that Zope opens a system to quite some level, others claim the opposite. Can someone please enlighten me and give me some details? Especially, are there some Zope products considered especially insecure? And, pondering more on security, are these issues, if they exist, bound to Zope itself, or does a system generally become more open to attacks after Zope was installed? I don't mean to offend anybody by this, it is just a very simple question which I cannot answer alone.
>
> thanks so much in advance -- chris

I think to be fair here we should compare Zope's security to the security of other similar tools, not only point out that there still are issues in Zope. It is extremely difficult to write secure web software that is at the same time highly interactive. If you want people to be able to do a lot with your system you will also have to open it up to some degree. My basic opinion is that Zope is one of the most secure solutions for dynamic web applications.

Some of the issues that have not been talked about in the previous postings:

- Products that let you access the file system: There are a number of products (like LocalFS) that let you access the file system directly. While this is not always a problem, one has to be extremely careful with those because they circumvent Zope's access limitations to the file system. Of course you are still restricted to the user Zope is running as ...

- Products or methods that can use up a lot of resources: I can think of a couple of ways of using up most of the resources on a Zope system:

  - Using PIL (Python Imaging Library) without care: Let's say you offer an automatic image scaling tool to your users that can be called via a URL. Then it is relatively easy for an attacker to let PIL create huge images that might take several seconds to render and use up tens of megabytes of RAM. Doing this in a massive way will bring the server to a halt. There are similar exploits using other resource-intensive software, so this is just an example. Note that this is not a Zope design flaw, but a potential danger when being too careless in extending Zope.

  - Uploading huge files: This can effectively be handled by a proxy server (Apache can also limit most other DOS-related parameters quite efficiently).

  - Doing things that are perfectly allowed too frequently, like hammering the over-the-web registration tool with a robot: This has to be taken care of by the programmer. I'd guess that most of the servers out there (Zope or non-Zope) are not perfect in that respect. Again, Apache might help here.

  - Writing malicious code that loops forever etc.: This is a part where Zope's security works quite well, but it is not perfect. There are no infinite loops or recursions because you'll eventually get stopped by Zope or Python. But I remember that I was able to write a three-liner in a (Script) Python that had a flaw and caused an enormous system load before it was terminated. The only way to stop this is careful coding. In a very public environment I'd limit the scripting available to site visitors to very simple tools like structured text. As soon as somebody untrusted can write code there is no way of preventing DOS-type attacks. Powerful tools are powerful. It's like guns: They cannot be built to only kill the bad guys ...

- Cross-scripting issues: I guess that some of those are still in the Zope Management Interface (which is not meant to be used by untrusted users in most cases), but Zope offers a lot of tools to make sure that it is hard to post malicious code in forums, attack Zope via URLs etc. For example there are quoting mechanisms in place, either automatic or easily applicable, that can be used to protect SQL strings, URLs, and text that is displayed on the site. The majority of exploits in PHP- or Perl-based solutions is in this domain.

It is safe to say Zope is more secure than most other web application servers (protection against buffer overflows, limited access to the system's resources, very limited file system access, quoting mechanisms, secure SQL database access, very sophisticated internal security model), but Zope is not a firewall. If you don't take care there is some chance of DOS attacks. On the other hand I am quite positive that Zope is very secure in terms of preventing unauthorized access to the system (root exploits etc.).

Joachim

--
iuveno AG
Joachim Werner
Wittelsbacherstr. 23b
90475 Nürnberg
[EMAIL PROTECTED]
www.iuveno.de
Tel.: +49 (0) 911/ 9 88 39 84
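An added example, not Zope's code or Joachim's, of the programmer-side checks his image-scaling and registration-robot points call for: the requested output size is validated against a pixel budget before any buffer is allocated, and a per-client token bucket limits how often an otherwise permitted action may be invoked. The budget values, the client keys and the `ManualClock` helper are assumptions constructed for the illustration; no image library is needed to show the check itself.

```python
import time

MAX_OUTPUT_PIXELS = 4_000_000   # assumed budget, roughly a 2000x2000 image
BYTES_PER_PIXEL = 3             # assumed RGB working buffer per output pixel
MAX_UPSCALE = 2.0               # assumed: never scale beyond twice the source


def check_scale_request(width, height, source_size,
                        max_pixels=MAX_OUTPUT_PIXELS, max_upscale=MAX_UPSCALE):
    """Validate a URL-supplied output size before any pixel buffer exists.

    Returns (True, estimated_bytes) when the request is within budget, or
    (False, reason) when it must be refused. Values come from the request, so
    types are checked as well as ranges (bool is excluded as an int subclass).
    """
    if type(width) is not int or type(height) is not int:
        return False, "dimensions must be integers"
    if width <= 0 or height <= 0:
        return False, "dimensions must be positive"
    pixels = width * height
    if pixels > max_pixels:
        return False, "%d output pixels exceed the budget of %d" % (pixels, max_pixels)
    src_w, src_h = source_size
    if width > src_w * max_upscale or height > src_h * max_upscale:
        return False, "upscale factor exceeds %.1fx of the source" % max_upscale
    return True, pixels * BYTES_PER_PIXEL


class RateLimiter:
    """Token bucket per client key for actions that are allowed but must not be
    hammered (Joachim's registration-robot case). The clock is injectable so
    the behaviour can be checked without sleeping."""

    def __init__(self, capacity, refill_per_second, clock=time.monotonic):
        self.capacity = capacity
        self.refill_per_second = refill_per_second
        self.clock = clock
        self._buckets = {}      # client key -> (tokens, time of last update)

    def allow(self, key):
        """Spend one token for key; False means the caller should refuse."""
        now = self.clock()
        tokens, last = self._buckets.get(key, (float(self.capacity), now))
        tokens = min(float(self.capacity),
                     tokens + (now - last) * self.refill_per_second)
        if tokens < 1.0:
            self._buckets[key] = (tokens, now)
            return False
        self._buckets[key] = (tokens - 1.0, now)
        return True


class ManualClock:
    """Constructed stand-in for time.monotonic used by the demo and tests."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def demo_rate_limit():
    """Three registrations per client, refilling one token every two seconds.
    Returns the allow/deny sequence for a robot hammering one client key."""
    clock = ManualClock()
    limiter = RateLimiter(capacity=3, refill_per_second=0.5, clock=clock)
    results = [limiter.allow("client-a") for _ in range(4)]   # constructed key
    clock.advance(2.0)                                         # one token refilled
    results.append(limiter.allow("client-a"))
    results.append(limiter.allow("client-a"))
    results.append(limiter.allow("client-b"))                 # other client unaffected
    return results


if __name__ == "__main__":
    print(check_scale_request(800, 600, (640, 480)))
    print(check_scale_request(20000, 20000, (640, 480)))
    print(demo_rate_limit())
```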
Re: [Zope-dev] install complains about 'invalid' Python files
[EMAIL PROTECTED] wrote:
> When I run the Zope install script on a freshly installed Zope, and my Product is already there, it complains that the *.py scripts (aimed for import) would be invalid, because there are return-, but no def statements. Thus, installation fails; I must first remove my product.

This may be completely daft, but my first reaction is that files with Zope Python scripts maybe should have separate file extensions, since they aren't valid Python files. .pys, maybe?
Re: [Zope-dev] How (in)secure is Zope?
Hi Jamie,

I'm wondering if you might consider applying for checkin privileges. The host header issue that you've uploaded several patches for is a bona fide problem for some users, but I think that most people with checkin privs feel that it isn't sufficiently dangerous to the majority of users to take the time out to review all of your patches and vouch for them via a checkin (this might take a day or so to do). OTOH, if you could just check them in yourself, you would no longer feel disenfranchised. The process for obtaining checkin privileges is documented here:

http://dev.zope.org/CVS/ContributorIntroduction

HTH,

- C

On Thu, 2003-03-13 at 06:42, Jamie Heilman wrote:
> Max M wrote:
>> A statement like that without an argument is worthless in a discussion. You need to elaborate as we cannot read your mind and see what lies behind the statement.
>
> My statement wasn't really aimed at you, sorry, I'm not playing fair. My statement was aimed at people who don't have to read my mind because they've been informed, and I'm making it in a public forum to be a pain in the ass. I've already mentioned I have outstanding security related bugs in the collector, and as Toby noted I've been vocal on the value of process separation and resource limits. This isn't a coincidence.
>
> Without properly configured resource limits, it is trivial to use an exposed Zope instance to exhaust host resources. This isn't entirely Zope's problem, this is usually an issue of misconfiguration. For example, until Zope 2.6, ZServer imposed no length limits on HTTP request headers. (These headers are read directly into memory, thus it was fairly easy to exhaust the memory of a host without resource limits.) When I found that out I reported it as a bug, and it was promptly addressed. (kudos) Now it could easily be argued, and I wouldn't be inclined to really disagree, that header length limits should be configured by the fronting server. What I didn't appreciate at the time is just how important a front-end proxy server is for Zope. If you expose Zope to a hostile network, it is mandatory. So now I don't consider this kind of thing a bug in Zope, unless Zope happens to make it possible to drastically amplify the effects of such an attack (at which point crashing Zope by running it into a resource limit becomes trivial) and a front-end proxy is unable or unlikely to thwart the attack.
>
> Zope's bug collector hides security related bugs until they are deemed worthy of display by the controllers. Personally I think full disclosure is preferable to secrecy, but I'm willing to play by the rules laid down as long as I think the system is working for the general benefit of the community. You may have noticed I haven't been terribly secretive about recent cross site scripting or cache poisoning issues, and that can be attributed to, in part, my growing dissatisfaction with the system.
>
> --
> Jamie Heilman http://audible.transient.net/~jamie/
> "Paranoia is a disease unto itself, and may I add, the person standing next to you may not be who they appear to be, so take precaution." -Sathington Willoughby
Re: [Zope-dev] Session Errors
John,

Which Zope 2.6? Zope 2.6.1? Here's what line 807 of the current Transience.py looks like:

    v = self._data[b].get(k, notfound)

Does yours look like that? What is the value of the __version__ variable at the top of the Transience.py file?

On Thu, 2003-03-13 at 07:11, John Eikenberry wrote:
> Since upgrading to Zope-2.6 we've been getting KeyErrors when using Sessions. They seem to happen more now that we've started using hasSessionData(), but I'm pretty sure they happened prior to that. Anyways, here are the 2 related tracebacks. Has anyone else seen these?
>
> Traceback #1 occurs most frequently. The KeyError's value is an unprintable string of non-ascii characters.
>
> * Module ZPublisher.Publish, line 150, in publish_module
> * Module ZPublisher.Publish, line 114, in publish
> * Module The application server.App.startup, line 182, in zpublisher_exception_hook
> * Module ZPublisher.Publish, line 98, in publish
> * Module ZPublisher.mapply, line 88, in mapply
> * Module ZPublisher.Publish, line 39, in call_object
> * Module App.special_dtml, line 61, in __call__
> * Module DocumentTemplate.DT_String, line 474, in __call__
> * Module Products.Transience.Transience, line 342, in nudge
> * Module Products.Transience.Transience, line 467, in _getCurrentBucket
> * Module Products.TemporaryFolder.LowConflictConnection, line 34, in setstate
> * Module Products.TemporaryFolder.TemporaryStorage, line 94, in load
> KeyError:
>
> Traceback #2 happens less frequently, though today it seemed like it was trying to catch up (3 of these today).
>
> * Module ZPublisher.Publish, line 98, in publish
> * Module ZPublisher.mapply, line 88, in mapply
> * Module ZPublisher.Publish, line 39, in call_object
> * Module OFS.DTMLMethod, line 126, in __call__
> * Module DocumentTemplate.DT_String, line 474, in __call__
> * Module Products.DotOrg.Pages.KContent, line 149, in __call__
> * Module Products.DotOrg.Pages.KContent, line 194, in getEditInfo
> * Module Products.DotOrg.Pages.KContent, line 506, in hasSessionData
> * Module Products.Sessions.SessionDataManager, line 101, in hasSessionData
> * Module Products.Sessions.SessionDataManager, line 175, in _hasSessionDataObject
> * Module Products.Transience.Transience, line 838, in has_key
> * Module Products.Transience.Transience, line 807, in get
> KeyError: 1047409860
>
> --
> John Eikenberry [EMAIL PROTECTED]
> A society that will trade a little liberty for a little order will deserve neither and lose both. --B. Franklin
Re: [Zope-dev] install complains about 'invalid' Python files
Lennart Regebro wrote:
> [EMAIL PROTECTED] wrote:
>> When I run the Zope install script on a freshly installed Zope, and my Product is already there, it complains that the *.py scripts (aimed for import) would be invalid, because there are return-, but no def statements. Thus, installation fails; I must first remove my product.
>
> This may be completely daft, but my first reaction is that files with Zope Python scripts maybe should have separate file extensions, since they aren't valid Python files. .pys, maybe?

Well, I wanted to avoid this. But since this seems to be the only possibility, I'll use .zpy instead (Zope PYthon script) and tell vim to highlight them as Python.

Thanks, Tobias
Re: [Zope-dev] install complains about 'invalid' Python files
You cannot rely on the Zope install script to handle add-on products well, if at all. The same issue wrt .py extensions is present in the CMF skins. So I guess the answer is: Don't do it that way. They are called add-on products for a reason ;-)

Stefan

--On Thursday, 13 March 2003 14:00 +0100 [EMAIL PROTECTED] wrote:
> When I run the Zope install script on a freshly installed Zope, and my Product is already there, it complains that the *.py scripts (aimed for import) would be invalid, because there are return-, but no def statements. Thus, installation fails; I must first remove my product.
>
> My question: is it possible to tell the install script not to compile a certain directory subtree, e.g. placing a certain file somewhere?

--
Those who write software only for pay should go hurt some other field. /Erik Naggum/
Re: [Zope-dev] How (in)secure is Zope?
On Thu, 2003-03-13 at 10:26, Toby Dickenson wrote:
> I suspect most people with checkin privileges don't know about this problem, because it won't have been sent to the public mailman list.

True. I really don't know which set of committers gets the security-related emails from that collector. I do, somehow. Other folks at ZC do as well. If something really bad comes up, someone typically sounds the alarm and we put out a hotfix ASAP. I think this particular problem occurs in a sufficiently narrow set of circumstances that we didn't go into helmet fire mode on it (e.g. I think the consensus is it should be fixed in an upcoming release, but it doesn't require a hotfix). That said, this is a guess (and a judgement call), I haven't discussed it with anyone else.

- C
Re: [Zope-dev] How (in)secure is Zope?
> I suspect most people with checkin privileges don't know about this problem, because it won't have been sent to the public mailman list.

Perhaps an email can be sent out saying

  Issue number 1234. Temporarily restricted pending security review.
  http://url.to.get.it.if.you.are.logged.in

Then, I'd be able to follow the link, authenticate, and read the issue.

--
Steve Alexander
Re: [Zope-dev] How (in)secure is Zope?
This is a good idea. I'll add an issue to the collector collector.

- C

On Thu, 2003-03-13 at 11:10, Steve Alexander wrote:
>> I suspect most people with checkin privileges don't know about this problem, because it won't have been sent to the public mailman list.
>
> Perhaps an email can be sent out saying
>
>   Issue number 1234. Temporarily restricted pending security review.
>   http://url.to.get.it.if.you.are.logged.in
>
> Then, I'd be able to follow the link, authenticate, and read the issue.
>
> --
> Steve Alexander
Re: [Zope-dev] How (in)secure is Zope?
In article [EMAIL PROTECTED] you write:
> - Cross-scripting issues: I guess that some of those are still in the Zope Management Interface (which is not meant to be used by untrusted users in most cases), but Zope offers a lot of tools to make sure that it is hard to post malicious code in forums, attack Zope via URLs etc.

I've worked hard to remove all those in the DTML code. I've not audited the rest of the Python code that generates HTML directly (code that should be taken out and shot), but I think there are patches for those in the collector.

Florent

--
Florent Guillaume, Nuxeo (Paris, France) +33 1 40 33 79 87
http://nuxeo.com mailto:[EMAIL PROTECTED]
Re: [Zope-dev] How (in)secure is Zope?
On Thu, Mar 13, 2003 at 06:11:32PM +0100, Florent Guillaume wrote:
> In article [EMAIL PROTECTED] you write:
>> - Cross-scripting issues: I guess that some of those are still in the Zope Management Interface (which is not meant to be used by untrusted users in most cases), but Zope offers a lot of tools to make sure that it is hard to post malicious code in forums, attack Zope via URLs etc.
>
> I've worked hard to remove all those in the DTML code. I've not audited the rest of the Python code that generates HTML directly (code that should be taken out and shot), but I think there are patches for those in the collector.

And Florent's patches came on top of my DTML pro-active anti-HTML-from-REQUEST-sourced-data changes that cause all outside strings to be HTML quoted if they could *possibly* be used to construct HTML tags. Some of my changes included taking out some of the directly-HTML-generating Python code to be shot without trial.

--
Martijn Pieters | Software Engineer mailto:[EMAIL PROTECTED]
| Zope Corporation http://www.zope.com/
| Creators of Zope http://www.zope.org/
[Zope-dev] Re: [Zope3-dev] How (in)secure is Zope?
Tim Peters wrote:
> [Christian Tismer]
> ...
>> I don't mean to offend anybody by this, it is just a very simple question which I cannot answer alone.
>
> There may be a simple question hiding in this, but it's hard to find <wink>. You try: how secure is sendmail? how secure is ssh? how secure is Python? Answer those simple(?!) questions in the way you're looking for, and maybe someone can do the same wrt Zope. As is, you *appear* to be asking for a one-word summary of an encyclopedia. Big wink.

Hey, you're right. Maybe, by "simple question" I meant "short question", not necessarily easy to answer at all. :-)

For the sysadmin's POV, I think it should be formulated like: "If I install Zope, and I don't have the time to become a Zope guru, what are the newly accumulated risks for my system, if I use the default installation?"

The biggest fear would probably be a number of known exploits, and Joe Hacker just has to download some of those tools, and the system is open. It appears that at least *that* is not the case.

I think the answers given on the list were quite useful, thanks to you all!

cheers - chris

p.s.: sendmail? ssh? Python? Security exploits are discussed in the bugtraq list. I can find them all in the list archive. What about Zope? It is not in bugtraq.

--
Christian Tismer  :^)  mailto:[EMAIL PROTECTED]
Mission Impossible 5oftware : Have a break! Take a ride on Python's
Johannes-Niemeyer-Weg 9a : *Starship* http://starship.python.net/
14109 Berlin : PGP key - http://wwwkeys.pgp.net/
work +49 30 89 09 53 34  home +49 30 802 86 56  pager +49 173 24 18 776
PGP 0x57F3BF04  9064 F4E1 D754 C2FF 1619  305B C09C 5A3B 57F3 BF04
whom do you want to sponsor today?  http://www.stackless.com/
[Zope-dev] Re: [Zope3-dev] How (in)secure is Zope?
On Wed, Mar 12, 2003 at 09:39:02PM -0500, Tres Seaver wrote:
> Now let me describe another configuration, running in production now for years (one process in the cluster had an uptime of 400 days at a recent hardware-induced reboot):
>
> - Two Zope application servers run behind a load balancer and an Apache proxy (non-caching), serving requests against data in a shared storage server.
>
> - The server permits through-the-web registration, with minimal identity check (only a valid e-mail address). As of this writing, there are 18000+ user accounts.
>
> - Users of the site get a member folder where they can create templates, Python scripts, and content within the ZODB. Some minimal workflow exists, controlling basically whether the user's content is included in site searches.

Hmmm, I wonder what this site is. ;-)

--
Paul Winkler
http://www.slinkp.com
Look! Up in the sky! It's GIRL ATHON!
(random hero from isometric.spaceninja.com)
Re: [Zope-dev] Session Errors
Sorry, it's Zope 2.6.1.

Chris McDonough wrote:
> John,
>
> Which Zope 2.6? Zope 2.6.1?
>
> Here's what line 807 of the current Transience.py looks like:
>
>     v = self._data[b].get(k, notfound)
>
> Does yours look like that?

Yes.

> What is the value of the __version__ variable at the top of the Transience.py file?

    __version__='$Revision: 1.28.6.4 $'[11:-2]

> On Thu, 2003-03-13 at 07:11, John Eikenberry wrote:
>> Since upgrading to Zope-2.6 we've been getting KeyErrors when using Sessions. They seem to happen more now that we've started using hasSessionData(), but I'm pretty sure they happened prior to that. Anyways, here are the 2 related tracebacks. Has anyone else seen these?
>>
>> Traceback #1 occurs most frequently. The KeyError's value is an unprintable string of non-ascii characters.
>>
>>   * Module ZPublisher.Publish, line 150, in publish_module
>>   * Module ZPublisher.Publish, line 114, in publish
>>   * Module Zope.App.startup, line 182, in zpublisher_exception_hook
>>   * Module ZPublisher.Publish, line 98, in publish
>>   * Module ZPublisher.mapply, line 88, in mapply
>>   * Module ZPublisher.Publish, line 39, in call_object
>>   * Module App.special_dtml, line 61, in __call__
>>   * Module DocumentTemplate.DT_String, line 474, in __call__
>>   * Module Products.Transience.Transience, line 342, in nudge
>>   * Module Products.Transience.Transience, line 467, in _getCurrentBucket
>>   * Module Products.TemporaryFolder.LowConflictConnection, line 34, in setstate
>>   * Module Products.TemporaryFolder.TemporaryStorage, line 94, in load
>>   KeyError:
>>
>> Traceback #2 happens less frequently, though today it seemed like it was trying to catch up (3 of these today).
>>
>>   * Module ZPublisher.Publish, line 98, in publish
>>   * Module ZPublisher.mapply, line 88, in mapply
>>   * Module ZPublisher.Publish, line 39, in call_object
>>   * Module OFS.DTMLMethod, line 126, in __call__
>>   * Module DocumentTemplate.DT_String, line 474, in __call__
>>   * Module Products.DotOrg.Pages.KContent, line 149, in __call__
>>   * Module Products.DotOrg.Pages.KContent, line 194, in getEditInfo
>>   * Module Products.DotOrg.Pages.KContent, line 506, in hasSessionData
>>   * Module Products.Sessions.SessionDataManager, line 101, in hasSessionData
>>   * Module Products.Sessions.SessionDataManager, line 175, in _hasSessionDataObject
>>   * Module Products.Transience.Transience, line 838, in has_key
>>   * Module Products.Transience.Transience, line 807, in get
>>   KeyError: 1047409860

--
John Eikenberry
[EMAIL PROTECTED]
__
A society that will trade a little liberty for a little order will
deserve neither and lose both.
                                          --B. Franklin
Re: [Zope-dev] Session Errors
Hi John,

Can you apply the attached diff to your Transience.py file and run with it in place for a couple of days? It will not fix the problem (the symptoms will remain) but it should print some diagnostic information to the Zope event log (the STUPID_LOG_FILE, hopefully you've got that going) that will help us track down what this might be.

Once you notice it happen, send the relevant parts of your logfile to me and I will see if I can analyze it.

- C

On Thu, 2003-03-13 at 15:19, John Eikenberry wrote:
> Sorry, it's Zope 2.6.1.
> [...]

? btreecheck.diff
? kedaipatch
Index: Transience.py
===
RCS file: /cvs-repository/Zope/lib/python/Products/Transience/Transience.py,v
retrieving revision 1.28.6.4
diff -r1.28.6.4 Transience.py
34a35
from BTrees.check import check, display
45a47
from cStringIO import StringIO
807c809,830
v = self._data[b].get(k, notfound)
---
try:
v = self._data[b].get(k, notfound)
except KeyError:
LOG('Transience', WARNING, 'KeyError raised in get, checking _data BTree')
try:
check(self._data)
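Review bot: in the 807c809,830 hunk the `except KeyError:` handler logs and then calls `check(self._data)` inside a nested `try:`, but the lines shown stop before that handler completes; since the covering mail says the symptoms are meant to remain, the handler should end with a bare `raise` after the diagnostics so that `get` keeps raising the original KeyError, and a failure of `check()` itself should be logged rather than silently swallowed by the inner `try`. Two smaller points: `display` is imported from BTrees.check but does not appear in the lines shown, and the check covers only `self._data` while the lookup that failed was on the inner `self._data[b]` BTree, which is worth checking as well.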
Re: [Zope-dev] Proposed installation changes for review
On March 10, Fred L. Drake, Jr. wrote:
> I'm not sure what you mean; it sounds like you're looking for either DBTab-style mounts or something different. Please describe the configuration so we can be sure that there's some way to support it.

Yes, DBTab-style mounts are what I'm looking for. Shane says, "Hopefully, Zope 2.7 will integrate DBTab's functionality." I took that at face value and assumed the rest of the crowd knew about it.

DBTab's only limitation is that it has hard-coded storage types (most notably lacking is DirectoryStorage). The way I see this resolved is that DBTab knows nothing about storage types, but instead provides a mechanism for each storage to declare its configuration to ZConfig. I'm guessing the way to do that is to provide a ZConfig schema for each storage that declares what it needs configured, and a mount-point just needs a valid storage directive. Is this possible?

I would also like to see the mounting mechanism work outside of Zope, so that you can partition a standalone ZODB application. That is outside the immediate scope of this thread, but something perhaps to keep in mind.

a.

--
Adrian van den Dries  [EMAIL PROTECTED]
Development team  www.dev.flow.com.au
FLOW Communications Pty. Ltd.  www.flow.com.au
Re: [Zope-dev] How (in)secure is Zope?
On March 13, Lennart Regebro wrote:
> 2. Protecting yourself from packet snooping: Zope doesn't have any encryption built-in, SSL needs external software to implement, for example. In this sense Zope can be MADE secure with some work, but is not secure at all out of the box.

Speaking of which, does anyone have any strategies for doing a combination HTTP/HTTPS setup, i.e., where anonymous requests are HTTP, and all authenticated requests are encrypted?

Specifically, Zope has no way of knowing beforehand that access to a resource will throw an Unauthorized error, and when it does, it just sends a WWW-Authenticate header, and the browser retries the request with the supplied header. We want to enforce that passwords are never solicited without SSL.

One way is probably to use CookieCrumbler and hack it to rewrite came_from so s/^http/https/. Is there a way that doesn't require hacking?

a.

--
Adrian van den Dries  [EMAIL PROTECTED]
Development team  www.dev.flow.com.au
FLOW Communications Pty. Ltd.  www.flow.com.au
Re: [Zope-dev] How (in)secure is Zope?
On Fri, Mar 14, 2003 at 09:19:55AM +1100, Adrian van den Dries wrote:
> On March 13, Lennart Regebro wrote:
>> 2. Protecting yourself from packet snooping: Zope doesn't have any encryption built-in, SSL needs external software to implement, for example. In this sense Zope can be MADE secure with some work, but is not secure at all out of the box.
>
> Speaking of which, does anyone have any strategies for doing a combination HTTP/HTTPS setup, i.e., where anonymous requests are HTTP, and all authenticated requests are encrypted?

If you're front-ending with Apache, you could have a rewrite rule that would send an HTTP redirect if there are authentication credentials in the request. It still means one trip across the net with credentials in the clear. Not useful if you are using SSL for privacy but useful if you are using SSL for authenticity.

> Specifically, Zope has no way of knowing beforehand that access to a resource will throw an Unauthorized error, and when it does, it just sends a WWW-Authenticate header, and the browser retries the request with the supplied header. We want to enforce that passwords are never solicited without SSL.
>
> One way is probably to use CookieCrumbler and hack it to rewrite came_from so s/^http/https/. Is there a way that doesn't require hacking?

You could maybe wrap stuff in a method or object that will catch an Unauthorized error and return an HTTP redirect to a https:// URL. When the page is hit using HTTPS, don't bother checking.

The simplest thing to do would be to do everything over SSL (anonymous or authenticated). I do this now with an apache non-SSL virtual host sending a redirect to the SSL virtual host with the same URI.

--
Dave
===
| - You must be smarter than this stick to ride the Internet
                                              -Mike Handler
===
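The two approaches Dave describes, as an added Python example (not code from the thread, from Zope or from Apache): a wrapper around a request handler that redirects credential-bearing plain-HTTP requests to HTTPS, and that turns an Unauthorized raised over plain HTTP into a redirect instead of a WWW-Authenticate challenge, while leaving the challenge in place over HTTPS. The Unauthorized class, the request dict shape, publish_over_ssl_only, make_request and the sample handler are all constructed for this example.

```python
from urllib.parse import urlsplit, urlunsplit


class Unauthorized(Exception):
    """Stand-in for the exception a publisher raises when a protected
    object is accessed without sufficient credentials (hypothetical)."""


def https_url(url):
    """Rewrite the scheme of an absolute URL to https, keeping everything else."""
    parts = urlsplit(url)
    return urlunsplit(("https", parts.netloc, parts.path, parts.query, parts.fragment))


def make_request(url, headers=None):
    """Constructed request shape: absolute URL, scheme derived from it, headers."""
    return {"url": url, "scheme": urlsplit(url).scheme, "headers": dict(headers or {})}


def publish_over_ssl_only(request, handler):
    """Wrap a handler so that passwords are only ever solicited over TLS.

    handler(request) returns (status, headers, body) or raises Unauthorized.
    """
    secure = request["scheme"] == "https"
    target = https_url(request["url"])

    # Rule 1 (the Apache-rewrite idea): credentials arriving on the plain
    # channel are redirected before any handling.  This does not undo the
    # exposure: the credentials already crossed the wire once in the clear.
    if not secure and "Authorization" in request["headers"]:
        return (302, {"Location": target}, "")

    # Rule 2 (the wrapper idea): catch Unauthorized and decide by channel.
    try:
        return handler(request)
    except Unauthorized:
        if secure:
            # Over TLS a credential challenge is acceptable.
            return (401, {"WWW-Authenticate": 'Basic realm="Zope"'}, "")
        # Over plain HTTP never send the challenge; move the client to TLS.
        return (302, {"Location": target}, "")


# Constructed sample application: one public object, everything else protected.
PUBLIC_PATHS = {"/index_html"}


def sample_handler(request):
    path = urlsplit(request["url"]).path
    if path in PUBLIC_PATHS:
        return (200, {}, "public page")
    if request["headers"].get("Authorization"):
        return (200, {}, "members area")
    raise Unauthorized(path)


if __name__ == "__main__":
    for url, hdrs in [
        ("http://www.example.org/index_html", {}),
        ("http://www.example.org/members", {}),
        ("http://www.example.org/members", {"Authorization": "Basic xyz"}),
        ("https://www.example.org/members", {}),
        ("https://www.example.org/members", {"Authorization": "Basic xyz"}),
    ]:
        print(url, hdrs, "->", publish_over_ssl_only(make_request(url, hdrs), sample_handler)[:2])
```

Rule 2 is the one that actually meets the requirement in the thread, since the browser is never shown a challenge on the plain channel; Rule 1 only limits the damage when a client sends credentials unprompted, which is why Dave notes it helps with authenticity but not privacy.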
[Zope-dev] Conflict reduced BTrees for cataloging
I am working on a CMS on top of ZODB for large amounts of large SGML/XML documents.

To speed things up, a colleague started two import processes and we get incredible amounts of database read conflict errors from cataloguing (although we already use QueueCatalog for most indexes).

I think the data structures used for cataloguing and indexing could have a

    def _p_independent(self): return 1

Does anybody object? If not, I will implement _p_independent BTrees and friends.

Dieter
Re: [Zope-dev] Pydoc and Zope
Joachim Werner wrote at 2003-3-12 00:45 +0100:
> I've used Pydoc with Dieter Maurer's patches to browse the Zope sourcecode before.

These patches are quite old and probably incompatible with current Zope versions.

I expect that only minor changes are necessary to make them work with Zope 2.1.6:

  * Initialization moved from Zope/__init__.py to Zope/App/startup.py
  * An explicit call to startup might be necessary.

Dieter
Re: [Zope-dev] Session Errors
Patch applied and the first results are in... so far it's a lot of these:

    2003-03-13T15:18:07 PROBLEM(100) Transience KeyError raised in get, checking _data BTree
    --
    2003-03-13T15:18:07 PROBLEM(100) Transience BTree check succeeded

Chris McDonough wrote:
> Hi John,
>
> Can you apply the attached diff to your Transience.py file and run with it in place for a couple of days? It will not fix the problem (the symptoms will remain) but it should print some diagnostic information to the Zope event log (the STUPID_LOG_FILE, hopefully you've got that going) that will help us track down what this might be.
>
> Once you notice it happen, send the relevant parts of your logfile to me and I will see if I can analyze it.
>
> - C
>
> [...]

--
John Eikenberry
[EMAIL PROTECTED]
__
A society that will trade a little liberty for a little order will
deserve neither and lose both.
                                          --B. Franklin
Re: [Zope] Re: [Zope-dev] Proposed installation changes for review
Chris McDonough wrote at 2003-3-11 15:32 -0500:
> On Tue, 2003-03-11 at 15:22, Guido van Rossum wrote:
>>> That's why we're including the correct versions of ZODB and ZEO in Zope itself.
>>
>> That's already the case in Zope 2.6.
>
> Zope 2.6 doesn't yet include ZEO, at least I don't think it does. ;-)

When you make a CVS checkout of the 2.6 branch, it already contains ZEO.

Dieter
Re: [Zope-dev] Proposed installation changes for review
Hi Chris,

Chris McDonough wrote at 2003-3-11 18:39 -0500:
> On Tue, 2003-03-11 at 17:11, Dieter Maurer wrote:
>> All this is achieved by incorporating the result of "hostname" into the respective environment variables. I do not know how to do something like this in a configuration file (unless it provides for some form of shell functionality).
>
> ZConfig does allow you to declare and use simple bash-style variables within a single file,

When the configuration is composed out of components (e.g. for packages), then some global declarations might be very useful. I.e. a feature like the global parameters in XSLT. This would allow to have a single place to change all dependent components (locations are most likely candidates for this feature).

> but currently provides no access to the environment. I suspect we could add something to obtain an envvar value within ZConfig. E.g.:
>
>     %define HOSTNAME ${HOSTNAME}
>
> .. then refer to $HOSTNAME in the rest of the config file... (squiggly brackets would mean "obtain from environment"). Do you think this would suffice?

For us, it would. But the syntax could be a bit more explicit, maybe "${env HOSTNAME}" (a la "make", where the first word in "${...}" may be a function).

> Or maybe we just make HOSTNAME and/or IP_ADDRESS within the a key constant as you describe.

I like access to the environment more.

>>> - Building and installing the software have become more clearly distinct; the installation can be separate from the build.
>>
>> Seems you make the elementary installation more difficult.
>
> I'm surprised at this assertion.
>
> The most elementary way of install under 2.7 is this:
>
>     $ cd Zope-src
>     $ ./configure
>     {finds suitable Python and reports lack of large file support}
>     $ make
>     $ make install
>     $ /opt/zope/mkzopeinstance /tmp/inst
>     {user edits /tmp/inst/etc/zope.conf, which has inline docs}
>     $ /tmp/inst/zopectl start
>
> While under 2.6 it's this:
>
>     {need to know to configure Python with largefile support}
>     $ cd Zope-src
>     $ /path/to/python/version/you/want wo_pcgi.py
>     {user finds and reads doc/ENVIRONMENT.txt for envvars}
>     {user finds and reads z2.py for command-line switches}
>     {user edits the 'start' script with the right switches and envvars}
>     $ ./start

I never read ENVIRONMENT.txt; for elementary use, I need neither read z2.py nor do anything with "start". These things may come later, when newbies are already a bit acquainted with Zope.

Dieter
[Zope-dev] RE: [Zope3-dev] How (in)secure is Zope?
[Christian Tismer]
> ...
> p.s.: sendmail? ssh? Python? Security exploits are discussed in the bugtraq list. I can find them all in the list archive. What about Zope? It is not in bugtraq.

The obvious conclusion is that no security hole has ever been discovered in Zope. Whether that's a *correct* conclusion I take no position on, just that it's the obvious conclusion <wink>.

> I think the answers given on the list were quite useful, thanks to you all!

You're welcome. Don't forget that Zope's source is open, too: lots of eyeballs have scanned it, so the potentially dangerous modes of operation seem well-known in the community.
Re: [Zope-dev] How (in)secure is Zope?
Chris McDonough wrote:
> I'm wondering if you might consider applying for checkin privileges.

I've considered it. I don't think you need any more cooks, maybe just a few more recipes.

> The host header issue that you've uploaded several patches for is a bona fide problem for some users, but I think that most people with checkin privs feel that it isn't sufficiently dangerous to the majority of users to take the time out to review all of your patches and vouch for them via a checkin (this might take a day or so to do).

Well then that either means I'm not explaining it well enough, or I'm wrong, or something. What I'm shooting for is some discussion of the issue, which, to use bug 813 as an example, is why I asked for it to be made public. Even after going into more explicit detail on the zope list though I got exactly 0 followups, so I was starting to think people just didn't really care all that much. Thankfully this thread came along...

> OTOH, if you could just check them in yourself, you would no longer feel disenfranchised.

I don't actually feel disenfranchised, just confused as to what kind of commitment to security ZC is making. My disappointment stems from my lack of ability to get any feedback on the bugs I've submitted. It's kinda happening now, but having to kick up dust to make it happen is less than ideal.

I'm also worried about the amount of reported bugs versus the activity occurring to fix them. I understand many of them are probably "I did X and Y crashed, and gosh I think it might be a security problem in Z." without any analysis apart from random observation, which is sort of a pain in the ass to deal with, but they aren't visible, and thus I worry they aren't all like 493. (of which 494 is a public dupe <g>)

--
Jamie Heilman  http://audible.transient.net/~jamie/
"Paranoia is a disease unto itself, and may I add, the person standing next to you may not be who they appear to be, so take precaution."
                                          -Sathington Willoughby
Re: [Zope-dev] How (in)secure is Zope?
On Thu, 2003-03-13 at 22:09, Jamie Heilman wrote:
> Chris McDonough wrote:
>> I'm wondering if you might consider applying for checkin privileges.
>
> I've considered it. I don't think you need any more cooks, maybe just a few more recipes.

We have many recipes already.

>> The host header issue that you've uploaded several patches for is a bona fide problem for some users, but I think that most people with checkin privs feel that it isn't sufficiently dangerous to the majority of users to take the time out to review all of your patches and vouch for them via a checkin (this might take a day or so to do).
>
> Well then that either means I'm not explaining it well enough, or I'm wrong, or something. What I'm shooting for is some discussion of the issue, which, to use bug 813 as an example, is why I asked for it to be made public. Even after going into more explicit detail on the zope list though I got exactly 0 followups, so I was starting to think people just didn't really care all that much. Thankfully this thread came along...

It's not that people don't care, it's that there's a lot of work to do, a limited amount of time to do it in, and people have to choose carefully what they apply themselves to. I'm sure you can understand this.

>> OTOH, if you could just check them in yourself, you would no longer feel disenfranchised.
>
> I don't actually feel disenfranchised, just confused as to what kind of commitment to security ZC is making.

Zope is an open source product, the collector issues make their way to many folks outside ZC as well.

> My disappointment stems from my lack of ability to get any feedback on the bugs I've submitted. It's kinda happening now, but having to kick up dust to make it happen is less than ideal.

I'm not sure how else to help you. The bug reports are appreciated, but we need folks to do the work.

> I'm also worried about the amount of reported bugs versus the activity occurring to fix them. I understand many of them are probably "I did X and Y crashed, and gosh I think it might be a security problem in Z." without any analysis apart from random observation, which is sort of a pain in the ass to deal with, but they aren't visible, and thus I worry they aren't all like 493. (of which 494 is a public dupe <g>)

Which is why we want more cooks. If you don't want checkin privs, that's ok, but you'll need to be more patient.

- C
Re: [Zope-dev] Session Errors
OK, thanks John. I hate to ask this (I should have done this to start with), but would you be willing to use the following patch --against the original file, not your recently patched version-- and try again? I only checked one of the two BTrees that might be at the heart of the problem with the first patch, this patch checks the second as well. - C On Thu, 2003-03-13 at 18:18, John Eikenberry wrote: Patch applied and the first results are in... so far its a lot of these: 2003-03-13T15:18:07 PROBLEM(100) Transience KeyError raised in get, checking _data BTree -- 2003-03-13T15:18:07 PROBLEM(100) Transience BTree check succeeded Chris McDonough wrote: Hi John, Can you apply the attached diff to your Transience.py file and run with it in place for a couple of days? It will not fix the problem (the symptoms will remain) but it should print some diagnostic information to the Zope event log (the STUPID_LOG_FILE, hopefully you've got that going) that will help us track down what this might be. Once you notice it happen, send the relevant parts of your logfile to me and I will see if I can analyze it. - C On Thu, 2003-03-13 at 15:19, John Eikenberry wrote: Sorry, its Zope 2.6.1. Chris McDonough wrote: John, Which Zope 2.6? Zope 2.6.1? Here's what line 807 of the current Transience.py looks like: v = self._data[b].get(k, notfound) Does yours look like that? Yes. What is the value of the __version__ variable at the top of the Transience.py file? __version__='$Revision: 1.28.6.4 $'[11:-2] On Thu, 2003-03-13 at 07:11, John Eikenberry wrote: Since upgrading to Zope-2.6 we've been getting KeyErrors when using Sessions. They seem to happen more now that we've started using hasSessionData(), but I'm pretty sure they happened prior to that. Anyways, here are the 2 related tracebacks. Has anyone else seen these? Traceback #1 occurs most frequently. The KeyError's value is an unprintable string of non-ascii characters. 
  * Module ZPublisher.Publish, line 150, in publish_module
  * Module ZPublisher.Publish, line 114, in publish
  * Module The application server.App.startup, line 182, in zpublisher_exception_hook
  * Module ZPublisher.Publish, line 98, in publish
  * Module ZPublisher.mapply, line 88, in mapply
  * Module ZPublisher.Publish, line 39, in call_object
  * Module App.special_dtml, line 61, in __call__
  * Module DocumentTemplate.DT_String, line 474, in __call__
  * Module Products.Transience.Transience, line 342, in nudge
  * Module Products.Transience.Transience, line 467, in _getCurrentBucket
  * Module Products.TemporaryFolder.LowConflictConnection, line 34, in setstate
  * Module Products.TemporaryFolder.TemporaryStorage, line 94, in load
KeyError:

Traceback #2 happens less frequently, though today it seemed like it was trying to catch up (3 of these today).

  * Module ZPublisher.Publish, line 98, in publish
  * Module ZPublisher.mapply, line 88, in mapply
  * Module ZPublisher.Publish, line 39, in call_object
  * Module OFS.DTMLMethod, line 126, in __call__
  * Module DocumentTemplate.DT_String, line 474, in __call__
  * Module Products.DotOrg.Pages.KContent, line 149, in __call__
  * Module Products.DotOrg.Pages.KContent, line 194, in getEditInfo
  * Module Products.DotOrg.Pages.KContent, line 506, in hasSessionData
  * Module Products.Sessions.SessionDataManager, line 101, in hasSessionData
  * Module Products.Sessions.SessionDataManager, line 175, in _hasSessionDataObject
  * Module Products.Transience.Transience, line 838, in has_key
  * Module Products.Transience.Transience, line 807, in get
KeyError: 1047409860

--
John Eikenberry [EMAIL PROTECTED]
__
A society that will trade a little liberty for a little order will deserve neither and lose both. --B. Franklin
Re: [Zope-dev] Proposed installation changes for review
On Thu, 2003-03-13 at 16:14, Dieter Maurer wrote:

ZConfig does allow you to declare and use simple bash-style variables within a single file,

When the configuration is composed out of components (e.g. for packages), then some global declarations might be very useful, i.e. a feature like the global parameters in XSLT. This would allow having a single place to change all dependent components (locations are the most likely candidates for this feature).

OK, I'll add this to the list of desired features as well, thanks.

but currently provides no access to the environment. I suspect we could add something to obtain an envvar value within ZConfig. E.g.:

%define HOSTNAME ${HOSTNAME}

.. then refer to $HOSTNAME in the rest of the config file... (squiggly brackets would mean obtain from environment). Do you think this would suffice?

For us, it would. But the syntax could be a bit more explicit, maybe ${env HOSTNAME} (a la make, where the first word in ${...} may be a function).

We'll try out a couple different spellings I think. Currently we support both $NAME and ${NAME} (I fought hard against the former and lost), so we'll need to be creative.

I never read ENVIRONMENT.txt; for elementary use, I need neither to read z2.py nor to do anything with start. These things may come later, when newbies are already a bit acquainted with Zope.

OK. I think the config file is a bit more approachable for newbies, especially non-developer newbies who really don't care all that much about Zope and just want to get it set up for people who are developers. But to each his own.

- C
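As an added illustration of the variable handling discussed in the thread (this is not ZConfig's code and not code from anyone in the thread), here is a small Python expander for %define with $NAME and ${NAME} substitution, plus the proposed explicit ${env NAME} spelling for environment lookup, chosen here because ${NAME} is already taken by defined names. The config text, the expand/process function names and the ConfigError class are all constructed for this example; undefined names fail loudly instead of expanding to an empty string, since an empty host or path in a server config is exactly the kind of silent misconfiguration a reviewer wants surfaced.

```python
import os
import re

# Added example, not ZConfig's implementation: a hypothetical expander for the
# syntax discussed above. %define NAME VALUE declares a variable; $NAME and
# ${NAME} refer to it; ${env NAME} is the proposed explicit spelling that reads
# the process environment (squiggly brackets alone would clash with ${NAME}).
DEFINE_RE = re.compile(r'^\s*%define\s+(\w+)\s+(.*?)\s*$')
VAR_RE = re.compile(r'\$(?:\{env\s+(\w+)\}|\{(\w+)\}|(\w+))')


class ConfigError(Exception):
    """Raised for an undefined variable or an unset environment name."""


def expand(text, defines, environ):
    """Substitute all variable references in one line of config text."""
    def repl(match):
        env_name, braced, bare = match.groups()
        if env_name is not None:
            # Environment access only through the explicit ${env NAME} form.
            if env_name not in environ:
                raise ConfigError('environment variable %s is not set' % env_name)
            return environ[env_name]
        name = braced or bare
        if name not in defines:
            # Refuse rather than expand to '' (empty host/path foot-gun).
            raise ConfigError('undefined variable $%s' % name)
        return defines[name]
    return VAR_RE.sub(repl, text)


def process(config_text, environ=None):
    """Return (defines, expanded_lines); %define lines are consumed."""
    if environ is None:
        environ = os.environ
    defines, out = {}, []
    for line in config_text.splitlines():
        m = DEFINE_RE.match(line)
        if m:
            name, value = m.groups()
            # A define may itself use earlier defines and the environment.
            defines[name] = expand(value, defines, environ)
            continue
        out.append(expand(line, defines, environ))
    return defines, out


# Constructed sample config for this example (not a real Zope config file).
SAMPLE = """%define HOSTNAME ${env HOSTNAME}
%define INSTANCE /var/zope/$HOSTNAME
<server>
  address ${HOSTNAME}:8080
  var-dir $INSTANCE/var
</server>
"""
```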
[Zope-dev] doctors agree on this 8437HMgS5-650GBQi667-19
Stop paying high prices for Inkjet and Laser Cartridges. We have cartridges for the following printers: Apple, Brother, Canon, Epson, Hewlett-Packard, Lexmark, Panasonic, Xerox, plus many more! SAVE up to 85% on all of ENTER NOW START TO SAVE. Your email address was subscribed using an online form. Please accept our apologies if you have been subscribed in error. If you do not wish to receive future information, click here. We honor all remove requests.