Path: csiph.com!usenet.pasdenom.info!gegeweb.org!de-l.enfer-du-nord.net!feeder2.enfer-du-nord.net!feeds.phibee-telecom.net!newsfeed.xs4all.nl!newsfeed3.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.053 X-Spam-Evidence: '*H*': 0.89; '*S*': 0.00; 'charset:iso-8859-7': 0.04; 'root': 0.05; 'remaining': 0.07; 'indeed,': 0.09; 'security.': 0.09; 'subject:script': 0.09; 'random': 0.14; 'did.': 0.16; 'from:addr:rosuav': 0.16; 'from:name:chris angelico': 0.16; 'help?': 0.16; 'python-list,': 0.16; 'subject:Apache': 0.16; 'subject:issue': 0.16; 'subject:run': 0.16; 'subject:python': 0.16; 'wrote:': 0.18; 'wed,': 0.18; 'trying': 0.19; 'help.': 0.21; 'creating': 0.23; 'copied': 0.24; 'of.': 0.24; 'fairly': 0.24; 'logging': 0.26; 'header:In-Reply-To:1': 0.27; 'tried': 0.27; 'message-id:@mail.gmail.com': 0.30; "i'm": 0.30; 'too.': 0.31; 'you?': 0.31; 'didnt': 0.31; 'subject:that': 0.31; "we're": 0.32; 'another': 0.32; 'text': 0.33; 'could': 0.34; 'except': 0.35; 'no,': 0.35; 'but': 0.35; 'received:google.com': 0.35; 'really': 0.36; 'false': 0.36; 'impression': 0.36; 'doing': 0.36; "didn't": 0.36; 'half': 0.37; 'wrong': 0.37; 'so,': 0.37; 'list': 0.37; 'to:addr:python-list': 0.38; 'fact': 0.38; 'pm,': 0.38; 'to:addr:python.org': 0.39; 'changed': 0.39; 'read': 0.60; 'full': 0.61; 'first': 0.61; 'you.': 0.62; 'taking': 0.65; 'account': 0.65; 'kept': 0.65; 'dont': 0.67; 'forums': 0.68; 'promise': 0.68; 'home': 0.69; 'helping': 0.70; 'protect': 0.79; 'precious': 0.84; 'so...': 0.84; 'thrust': 0.84; 'dozen': 0.91; 'exposing': 0.91; 'promised': 0.91; 'subject:let': 0.93; '2013': 0.98 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=glM3OdFAsi6IS/NoJfbbhTTtdea75BN+bIND85wCfmk=; b=SQOBSDjBHiS1LinmNY+NsgUzUCZrmh3aLRZXnipyJauWvfEZxn1GvY6R/H1tj+Rwni 9gu0ZQS+e9bU+cP7u3fOvYxi/jCdoOPy9DK9+pIlUdkiC8ApqAX6BuwIWg3lNnQBuUmB ioHzWuNnH5k3NtYjv4x4NKplczuWJGiv+RTMbfLqskqoVvd5Zm2fLYH5EqcERGz+c5uq lqpHLYm6HVfEZUiPiPTR1vbxICyE2NR5pS/d8gw9AgX1wiKCc/y+DZI1ixoKNiz/0XPZ 8endWBYhHLThOLHX7hal+08xXbxxicCXEpn7l+u58XoE9XIjFejQZBI2/iAd1l+GNJ/t tIxw== MIME-Version: 1.0 X-Received: by 10.58.100.234 with SMTP id fb10mr4520983veb.5.1370423136552; Wed, 05 Jun 2013 02:05:36 -0700 (PDT) In-Reply-To: <2aef9194-ef36-45db-8c77-9510d3f14ebe@googlegroups.com> References: <20a49aac-3867-481f-96d4-c95a050781ed@googlegroups.com> <51AD70E8.70506@gmail.com> <6c0ed9da-0f29-4b6b-a804-771763454dd4@googlegroups.com> <4ed43a69-0dfe-4078-a836-db5201811761@googlegroups.com> <2e1dbdc2-6bca-4c4e-93b0-4c0cddb72bc1@googlegroups.com> <03d8964e-7cea-4072-b1f1-19d83e494191@googlegroups.com> <4b65cdfe-b6c2-4d97-8623-77b10711bf78@googlegroups.com> <2ecc95c4-6114-49a6-ad47-df7bae4adfde@googlegroups.com> <592c84d8-2e86-4480-b784-c3ccadc8360d@googlegroups.com> <06fd6c2e-0979-4d61-b75a-6d9df7c1b624@googlegroups.com> <70390d65-5313-46bf-8110-b25f5fc9f76f@googlegroups.com> <8d52505a-7252-419b-8b4f-61e5ee56a78a@googlegroups.com> <2aef9194-ef36-45db-8c77-9510d3f14ebe@googlegroups.com> Date: Wed, 5 Jun 2013 19:05:36 +1000 Subject: Re: Apache and suexec issue that wont let me run my python script From: Chris Angelico To: python-list@python.org Content-Type: text/plain; charset=ISO-8859-7 Content-Transfer-Encoding: quoted-printable X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 45 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1370423139 news.xs4all.nl 15877 [2001:888:2000:d::a6]:54695 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:47040 On Wed, Jun 5, 2013 at 6:53 PM, =CD=E9=EA=FC=EB=E1=EF=F2 =CA=EF=FD=F1=E1=F2= wrote: > So, iam to blame this for trusting you? Your clients trust you to not compromise their security. You compromised their security by giving the root password to a stranger. > YOU COULD HAVE ACTUALLY TRIED TO SEE WHATS WRONG WITH 'FILES.PY' INSTEAD = OF CREATING TEXT FIELS AND COPIED THEM ALL OVER THE CLIENTS HOME DIRECTORY = FOLDERS AND MAIL THEM TOO. > > IF YOU DIDNT WANTED TO DO THAT THEN YOU COULD AHVE SAID TO ME, NIKOS I DO= NT FEEL LIKE LOGGING TO YOUR SYSTEM BECAUSE I DONT REALLY WANTED TO HELP YO= U OUT. When did I ever give the impression that I wanted to help? When did I ever actually ask you for that power? No, you kept trying to thrust it on us as part of your demands for assistance. > I ALSO HAVE GIVEN ROOT ACCESS TO ANOTHER MEMBER OF THIS LIST AND HE IN FA= CT TRIED TO HELP ME INSTEAD OF DOING WHAT YOU DID. AND FROM 2 OTHER PEOPLE = AS SOME OTHER FORUMS TOO. So... your root account has fairly public access. Did you notify your clients that half a dozen random people have full access to their server? Can you prove to them that their private data is, indeed, private? > I WONT TALK TO YOU AGAIN. YOU MADE A FALSE PROMISE OF HELPING ME AND THEN= SCREWED ME. What promise? I never promised to help. Go read my posts... I would have said "reread" except that you never read them in the first place. Just be aware, I didn't actually hurt you in any way. I changed your root password to protect it, but you still have access. The only harm that could come from this is that your clients are now aware of the risks they are taking by remaining with you. I'm stripping away the veil and exposing the truth. Nothing more. And now, we're very much off-topic for python-list, but I think it's a good thing for other potential server-maintainers to be aware of. Trust is a very precious thing. ChrisA