This request will trigger an exception in the exception handling. The exception does not get caught anywhere, causing the thread to be killed.
Doing this four times, kills all threads, the zope process itself continues to run.
This problem does not occur with Zope 2.12. There The ZServer has a catchall exception handler that covers the issue.
I created a branch from the 2.10 branch:
svn+ssh://<email address hidden>/repos/main/Zope/branches/do3cc_catchall
It contains the same changes as they happened in Zope 2.12. On retrying the above procedure, the user does not get any answer, but the thread also does not die.
I'll mark this issue as a security vulnerability because I want the bug to be private.
This bug was originally reported by somebody else.
This has been observed with regular plone installations, but the root cause is in zope.
The easiest way to trigger this behaviour, is buildbot.
Create this buildout.cfg:
[buildout] svn.plone. org/svn/ collective/ buildout/ plonetest/ plone-3. 3.5.cfg
extends=http://
Get yourself a copy of bootstrap.py and run buildout.
Start zope. yoursite/ plone/new_ page?came_ from:list= 123
Create a zope site
add a page.
log out
as anonymous, create an url like this: http://
This request will trigger an exception in the exception handling. The exception does not get caught anywhere, causing the thread to be killed.
Doing this four times, kills all threads, the zope process itself continues to run.
This problem does not occur with Zope 2.12. There The ZServer has a catchall exception handler that covers the issue.
I created a branch from the 2.10 branch: /repos/ main/Zope/ branches/ do3cc_catchall
svn+ssh://<email address hidden>
It contains the same changes as they happened in Zope 2.12. On retrying the above procedure, the user does not get any answer, but the thread also does not die.
I'll mark this issue as a security vulnerability because I want the bug to be private.
This bug was originally reported by somebody else.