Christian Tismer wrote:
> This is quite a silly argument, IMHO.

No its not, you can't give exact answers to inexact questions with no
prior understanding of how much foreknowledge the audience has.
Especially when you're talking about security.

> It is simple: Do I increase the possibility of somebody
> to obtain root rights, or do I not?

Given that there is no good reason to run Zope as root, assuming you
don't configure Zope to fly in the face of reason, and assuming you
discount the possiblity of exacerbating other external vulnerabilities
your system may have (which is a stupid thing to discount IMO), then
no, Zope doesn't increase the possiblity of obtaining root privileges.

-- 
Jamie Heilman                   http://audible.transient.net/~jamie/
"You came all this way, without saying squat, and now you're trying
 to tell me a '56 Chevy can beat a '47 Buick in a dead quarter mile?
 I liked you better when you weren't saying squat kid." -Buddy

_______________________________________________
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

Reply via email to