Chris McDonough wrote:
> > > Hmmm... thanks for trying it.  This doesn't seem much of a
> > risk, does
> > > it?
> >
> > Not that I can see off-hand. It is only a socket, a means for
> > communicating with Zope. The 'risk' would only lie in Zope's Security
> > mechanisms. ;-)
> >
> > The only possible risk would be a DoS type manuever if random
> > user could
> > rewrite the pcgi.soc socket. You could control this through var
> > directory permissions, will try this out and report back.
> You're the coolest!  Thanks..

OK, it appears that Zope can handle it if:
the var directory (for Zope) is rwx for user and group AND pcgi.soc is

This makes sense, of course. I was primarily making sure that Zope
didn't try to access it as a non-user (as some apps do).

So, in conclusion, the paranoid can make certain the directory
containing pcgi.soc is only writeable/executable to user/group owned by
the Zope process (and by the WebServer!!) with little fear of other son
the system accessing it willy-nilly. 

YYMV, offer void in some states, yadda yadda yadda.


"Linux: the operating system with a CLUE...
Command Line User Environment".

seen in a posting on

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to