[Zope] medusa question

Shane Hathaway shane@digicool.com
Mon, 03 Jul 2000 17:06:16 -0400


Gary Shears wrote:
> Slightly off topic, but related. Does this mean that everything on the local
> file system is protected natively in Zope, short of things like buffer
> overflows? What I mean is, can I somehow muck up security in Zope and
> compromise my local system, or will only Zope objects be affected?
> I'm an absolute newbie to Zope, and still trying to get a handle on the
> architecture.

As long as you don't use products that read and write arbitrary files
(such as LocalFS), Zope doesn't provide any way to write to any
directory but the "var" subdirectory (or if it does, it shouldn't and
will be fixed.)  So yes, Zope's architecture does provide decent
isolation from the file system.

Also keep in mind that Zope does not run as "root", so if you are
running on a Unix-like system such as Linux, even if Zope were fully
compromised an intruder would still have to find a security hole in
something else before it's possible to write to arbitrary files.

Shane
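
An added example, not part of the original message and not Zope's own code: a small audit that checks the two properties described above, namely that the server account is not root and that it can write to no directory except "var". The name instance_home and the function names are hypothetical; the check uses plain Unix mode bits on directories only and ignores ACLs.

```python
import os
import stat


def can_write(st, uid, gids):
    """Apply the Unix owner/group/other write check to one stat result."""
    if uid == 0:                      # root bypasses permission bits
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def writable_outside(instance_home, uid, gids, allowed=("var",)):
    """Return directories under instance_home (hypothetical name for the
    server's install directory) that uid can write to, excluding the
    allowed subtrees. Paths are relative and sorted."""
    findings = []
    for dirpath, dirnames, _ in os.walk(instance_home):
        rel = os.path.relpath(dirpath, instance_home)
        top = rel.split(os.sep)[0]
        if top in allowed:
            dirnames[:] = []          # do not descend into permitted trees
            continue
        if can_write(os.lstat(dirpath), uid, gids):
            findings.append(rel)
    return sorted(findings)


if __name__ == "__main__":
    import sys
    home = sys.argv[1] if len(sys.argv) > 1 else "."
    uid = os.geteuid()
    gids = set(os.getgroups()) | {os.getegid()}
    if uid == 0:
        print("WARNING: running as root; file permissions give no isolation")
    for path in writable_outside(home, uid, gids):
        print("writable outside var:", path)
```

Run it as the account the server runs under; any path it prints is a directory where a compromised server process could create or replace files.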