The other file (pcgi.soc) is a unix domain socket... it gets created
when you run "python w_pcgi" as a Zope install command from the source
distribution. I'm not sure of the danger of having this get created
777. It might be worthwhile to look into what could be done to it.
Chris McDonough wrote:
The other file (pcgi.soc) is a unix domain socket... it gets created
when you run "python w_pcgi" as a Zope install command from the source
distribution. I'm not sure of the danger of having this get created
777. It might be worthwhile to look into what
Hmmm... thanks for trying it. This doesn't seem much of a risk, does
it?
Not that I can see off-hand. It is only a socket, a means for
communicating with Zope. The 'risk' would only lie in Zope's Security
mechanisms. ;-)
The only possible risk would be a DoS type maneuver if
Chris McDonough wrote:
Using gnutar, untarring as the root user preserves ownership on
expansion by default. Not sure if FreeBSD uses gnutar (I imagine not),
but this is the case with gnutar under Linux. I think this is what
happened to him... he said he could not use the RPM release and
this is also what I am talking about!
- Original Message -
From: Alexandre A. Drummond Barroso [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, July 11, 2000 7:59 PM
Subject: [Zope-dev] Zope 2.1.6 packages
It would be a good idea to change the user/group that owns any file in
Bill Anderson wrote:
He seemed to be mostly griping about files that were wide open (777). On
2.2.0b4 the only ones I get are:
lrwxrwxrwx 1 root root 13 Jul 11 01:36 lib/python/ZEO/cPickle.so -> ../cPickle.so
lrwxrwxrwx 1 root root 13 Jul 11 01:36 lib/python/ZServer -
Chris McDonough wrote:
Bill Anderson wrote:
He seemed to be mostly griping about files that were wide open (777). On
2.2.0b4 the only ones I get are:
lrwxrwxrwx 1 root root 13 Jul 11 01:36 lib/python/ZEO/cPickle.so -> ../cPickle.so
lrwxrwxrwx 1 root root 13 Jul 11 01:36
We tried to install zope using its tar.gz file and it created a lot of
files with non-default users and with very permissive permissions on a
linux box (like 777 permissions for many files). This is a HUGE
security hole. We couldn't install the RPM files on our webserver. Is
there any
Kenji Shikida [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 10, 2000 7:15 PM
To: [EMAIL PROTECTED]
Subject: [Zope-dev] zope and UNIX permissions
We tried to install zope using its tar.gz file and it created a lot of
files with non-default users and with very permissive permissions on a
linux box (like
On Mon, 10 Jul 2000, Chris McDonough wrote:
Which files? Know that if you untar as root, the files will be 'owned'
by whoever tarred it up on our side. Untar it as a normal user. Reset
the permissions of the ones you find too permissive. Then let us know
so we can change the distribution.
distribution, so I don't think the problem is with the RPM.
-Original Message-
From: R. David Murray [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 10, 2000 10:55 PM
To: Chris McDonough
Cc: 'Leonardo Kenji Shikida'; [EMAIL PROTECTED]
Subject: RE: [Zope-dev] zope and UNIX permissions
11 matches