Hi Dieter,
             I dont have a need to run all the external method as root, only
some of them. For this what I was thinking was to introduce a new control
apart from the regular ones. viz
id , title , Module Name and Function Name by name of 'Run as root', it
would probably be a checkbox.Then at the point when external method code is
executed I would check for the said control and if checked would get it
executed as root.
Can you telll me where should I look in the source(Code segment where
external methods are loaded and executed)

On Tue, Apr 8, 2008 at 12:50 AM, Dieter Maurer <[EMAIL PROTECTED]> wrote:

> rishi pathak wrote at 2008-4-7 17:46 +0530:
> >There is a requirement for running some external methods as super user.
> >For this I thought of adding a new parameter.If set the code would be
> >executed with effective uid of root.
> This is extremely dangerous.
> To run code as super user, you need to change the effective user id.
> Changing the effective user id affects the whole process -- not just
> the thread executing your external method.
> These things are very difficult to handle in a multi threaded environment,
> in general.
> Moreover, running internet driven code uncontrolled as super user
> is likely to be a big security risk.
> Let your application write some command to a queue and process
> the queue asynchronously. The processing can be performed as
> super user.
> If this is not possible, let your application communicate
> with another process which runs as super user -- and pass on
> synchronous commands from your application to this process.
> In both cases, it is ensured that only the restricted command
> set can be used to run something as super user -- and
> not some arbitrary code....
> --
> Dieter

Rishi Pathak
National PARAM Supercomputing Facility
Center for Development of Advanced Computing(C-DAC)
Pune University Campus,Ganesh Khind Road
Zope maillist  -  Zope@zope.org
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to