[Zope] Re: root privileges required

Vangelis Mihalopoulos mihalop at vtrip.net
Wed Jul 28 13:03:19 EDT 2004


On 28 Jul 2004, Ken Manheimer wrote:

> That's key, though.  Your application is going to be a less attractive
> target for attacks than zope to the degree that it is a less prevalent
> application than zope.  This doesn't mean that you shouldn't be careful to
> make your application secure - but it does mean that you have a lot more
> latitude than zope, the application, to provide for your special
> local-host security concerns.

 I agree with you. But what if I am implementing a file manager? With 
capabilities like uploading/downloading any file in all filesystems? Even if 
I implement a privileged XML-RPC server which only listens for requests from 
the local host (from Zope, that is), I don't think security is tighter. If 
someone breaks into [the non-privileged] Zope, he can still use the 
privileged server to do as much harm as he pleases.
 I believe it comes down to what exactly the privileged actions are. If it 
is simply a very specific task that would not compromise the whole system's 
security, that model is a "must". But if the privileged actions are more 
generic, with abilities to harm the whole system, then running Zope as 
root is of no importance.

 Thanks for your answer,
 Vangelis
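
The "very specific task" case from the message above, sketched as an added example that is not part of the original post or of Zope: a privileged helper that exposes one narrowly scoped XML-RPC method instead of a generic file API. The class name, method name, spool directory and port are assumptions made for illustration.

```python
import os
import tempfile
from xmlrpc.server import SimpleXMLRPCServer


class NarrowHelper:
    """Privileged side: one specific task (read reports from one directory)."""

    def __init__(self, spool_dir):
        # spool_dir is a hypothetical directory the helper is confined to.
        self.spool = os.path.realpath(spool_dir)

    def _confine(self, name):
        # Resolve ".." and symlinks first, then require containment.
        path = os.path.realpath(os.path.join(self.spool, name))
        if os.path.commonpath([self.spool, path]) != self.spool:
            raise PermissionError("path escapes spool directory")
        return path

    def read_report(self, name):
        with open(self._confine(name), encoding="utf-8") as fh:
            return fh.read()


def make_server(helper, port=8765):
    # Loopback binding limits who can connect. It does not limit what a
    # compromised local caller (Zope here) can ask for; the method set does.
    server = SimpleXMLRPCServer(("127.0.0.1", port), logRequests=True)
    server.register_instance(helper)  # names starting with "_" stay private
    return server


def demo():
    # Constructed sample data: a temp directory standing in for the spool.
    with tempfile.TemporaryDirectory() as spool:
        with open(os.path.join(spool, "daily.txt"), "w", encoding="utf-8") as fh:
            fh.write("ok")
        helper = NarrowHelper(spool)
        results = {"daily.txt": helper.read_report("daily.txt")}
        for bad in ("../../etc/passwd", "/etc/passwd"):
            try:
                helper.read_report(bad)
                results[bad] = "read"
            except PermissionError:
                results[bad] = "denied"
        return results


if __name__ == "__main__":
    print(demo())
```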