Newsgroups: comp.lang.python
Date: Wed, 5 Jun 2013 10:29:44 -0700 (PDT)
Subject: Re: Apache and suexec issue that wont let me run my python script
From: Νικόλαος Κούρας
Message-ID: <501f3d4e-bbe3-45e8-afce-96cedabe2bef@googlegroups.com>

On Wednesday, 5 June 2013 8:16:46 PM UTC+3, user Chris Angelico wrote:
> On Thu, Jun 6, 2013 at 3:02 AM, Νικόλαος Κούρας wrote:
> > On Wednesday, 5 June 2013 7:33:50 PM UTC+3, user Chris Angelico wrote:
> >> In fact, I didn't even bother fiddling with syslog. All I did was
> >> .bash_history. Of course, I wasn't worried about you getting my IP
> >> addresses (one of them is public anyway, and the other isn't mine any
> >> longer than I'm using it), and nothing I did there was sufficiently
> >> serious to be worth hiding, but I just did the history so I could
> >> point out how easy this is.
> >
> > So, by executing .bash_history, commands issued are cleared. Okay.
> > What about 'syslog' that Heiko mentioned? Since you didn't fiddle with syslog, can the latter show me what commands have been executed, files opened, commands given, services started-stopped etc?
>
> Poke around in /var/log - I didn't tamper with anything there, so you
> may well find log entries. But I don't know for sure what I did and
> what I didn't do.
>
> >> and nothing I did there was sufficiently serious to be worth hiding.
> >
> > Actually I believe you, because if you had malice in mind you could 'rm -rf /' or deface frontpages, which you didn't do.
> >
> > But is there a way for me to see what commands have been issued? syslog perhaps, as I ask above?
> > Since you didn't harm the system, why the need to wipe clean bash's history?
>
> There won't be a full list of all commands, but you may find some
> hints. And why wipe it? Just to show how easily it could be done.
> Imagine if I'd:
>
> 1) Created a new user, with a home directory of /etc
> 2) Made a setuid root binary that gives me a shell
> 3) Removed all logfile traces of having done so
>
> I could then *retain full access* even after you change the root
> password. And you would not know what I'd done, if I do the logfile
> wipes correctly. You might see some hint (eg that logs were rotated
> prematurely), but it'd be extremely hard to figure out what I did.

Forensics is not my strong point; currently I'm learning Linux, hence I only have basic knowledge, just enough to get some basic stuff up and running.

Now about what you did to me. I wanted to tell you that I (and I am sure there are other people too) don't agree with what you did. I think it was pretty rotten -- you told me it was a bad idea to give out the root password and that was as far as you should have gone, you had no right to "prove" it by screwing with my system.

In the US there is a law called the DMCA which I think would make what you did illegal, even though I gave you a password, because I clearly gave you access to help me fix a problem, not to do what you did. Of course US law doesn't help in this case since I live in Greece and you live in Australia...

I decided a long time ago that certain people on the Python list were assholes, you leading the list followed by alex23, Mark Lawrence and several more. Your post about how you are a good Christian just confirms to me that you aren't -- people who brag about how moral they are are usually immoral. And besides the major assholes, there are lots of people there that will just agree with prevailing opinion without thinking for themselves.

I still maintain my belief that most people are good and want to help rather than be destructive (which in your defense you weren't entirely. The mails you sent to my few customers though really pissed me off).

And of course, I have no idea if you have installed some kind of a backdoor utility that will grant you shell access via ssh to my system. I want to convince myself that you haven't done so.