On Monday 07 Oct 2002 1:47 pm, Guido van Rossum wrote:
> > > Well, there goes zLOG's MinimalLogger implementation.
> >
> > The module name might be 'MinimalLogger', but everywhere else it is
> > known as 'the stupid log'.
>
> And stupid it is.  But it's the only one we've got in the Zope core. :-(

For Zope there is the zLOG and ZLogger modules, which interact in mysterious 
ways. syslogLogger is in ZLogger. part of the mysterious plumbing is in 
z2.py, so is not available to a ZEO server.

> > > (This only holds for log files owned by a root, right?)
> >
> > No, I dont think ownership is relevant. Any log file which the zope
> > process can overwrite it of little use in proving that your zope
> > process has not been compromised.
>
> Fair enough.  But then why did you specifically refer to file
> descriptors?

It is possible for a log file to be owned by root and writeable only by root, 
yet still be open to compromise. This can happen if the file is opened by 
this process before dropping root privelidges, and never closed.



_______________________________________________
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists -
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

Reply via email to