Path: csiph.com!usenet.pasdenom.info!gegeweb.org!de-l.enfer-du-nord.net!feeder2.enfer-du-nord.net!feeds.phibee-telecom.net!newsfeed.xs4all.nl!newsfeed1.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.020 X-Spam-Evidence: '*H*': 0.96; '*S*': 0.00; 'charset:iso-8859-7': 0.04; "client's": 0.09; 'measure': 0.09; 'subject:script': 0.09; 'things,': 0.09; "wouldn't": 0.14; '-rf': 0.16; 'accepts': 0.16; 'from:addr:rosuav': 0.16; 'from:name:chris angelico': 0.16; 'gonna': 0.16; 'letting': 0.16; 'people?': 0.16; 'subject:Apache': 0.16; 'subject:issue': 0.16; 'subject:run': 0.16; 'worst': 0.16; 'subject:python': 0.16; 'wrote:': 0.18; 'do.': 0.18; 'wed,': 0.18; 'help.': 0.21; '(by': 0.24; 'asking': 0.27; 'header:In-Reply- To:1': 0.27; 'message-id:@mail.gmail.com': 0.30; 'subject:that': 0.31; 'yes.': 0.31; 'addresses': 0.33; 'could': 0.34; 'something': 0.35; 'but': 0.35; 'received:google.com': 0.35; 'in.': 0.36; 'done': 0.36; 'next': 0.36; "didn't": 0.36; 'being': 0.38; 'to:addr:python-list': 0.38; 'pm,': 0.38; 'anything': 0.39; 'to:addr:python.org': 0.39; 'even': 0.60; 'logged': 0.60; 'tell': 0.60; 'simply': 0.61; "you're": 0.61; "you'll": 0.62; 'complete': 0.62; 'different': 0.65; 'cards': 0.65; 'customers': 0.66; 'actually,': 0.84; 'betraying': 0.84; 'wipe': 0.84; 'subject:let': 0.93; '2013': 0.98 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=D5k/u1akJr7NAahF7y6c7ghXh7oYpsIpoJ5v9Q9sXs4=; b=ZqlsVGhdRSW/WBbk8gsbId4x4thfHv1eZqt/pKK8Dt4SHRPtuHdPniWNjBH21aTTHg 84zboAfr90kCicMbRgRhIO1LdC/UlI2RkvBDtlvn0pXhSBaAaO1zNH9rM4nyjPBFF6kB J3eTcmHES1P7OmpYz6x6Q//0jCUaNbVaLhgCi9ylvGEpy6Ku7ilbpnOgCAldzTcPQ2m9 xn4EDGfYjUpuzqQWsjMjGiYSuWIxXv7ci2IxqkQ4KH1wctYsGsy0Ymgfwf4kMhABeNI/ lwcAdxtMWb7uhiwgoj1FWjAAy2Iy/hJKCurlY98vDdv1BgvBmfmQKetaaAjmJPgCy3YD BheA== MIME-Version: 1.0 X-Received: by 10.52.117.16 with SMTP id ka16mr16689921vdb.43.1370424440337; Wed, 05 Jun 2013 02:27:20 -0700 (PDT) In-Reply-To: References: <20a49aac-3867-481f-96d4-c95a050781ed@googlegroups.com> <51AD70E8.70506@gmail.com> <6c0ed9da-0f29-4b6b-a804-771763454dd4@googlegroups.com> <4ed43a69-0dfe-4078-a836-db5201811761@googlegroups.com> <2e1dbdc2-6bca-4c4e-93b0-4c0cddb72bc1@googlegroups.com> <03d8964e-7cea-4072-b1f1-19d83e494191@googlegroups.com> <4b65cdfe-b6c2-4d97-8623-77b10711bf78@googlegroups.com> <2ecc95c4-6114-49a6-ad47-df7bae4adfde@googlegroups.com> <592c84d8-2e86-4480-b784-c3ccadc8360d@googlegroups.com> <06fd6c2e-0979-4d61-b75a-6d9df7c1b624@googlegroups.com> <70390d65-5313-46bf-8110-b25f5fc9f76f@googlegroups.com> <8d52505a-7252-419b-8b4f-61e5ee56a78a@googlegroups.com> <2aef9194-ef36-45db-8c77-9510d3f14ebe@googlegroups.com> Date: Wed, 5 Jun 2013 19:27:20 +1000 Subject: Re: Apache and suexec issue that wont let me run my python script From: Chris Angelico To: python-list@python.org Content-Type: text/plain; charset=ISO-8859-7 Content-Transfer-Encoding: quoted-printable X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 21 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1370424443 news.xs4all.nl 15959 [2001:888:2000:d::a6]:49536 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:47046 On Wed, Jun 5, 2013 at 7:14 PM, =CD=E9=EA=FC=EB=E1=EF=F2 =CA=EF=FD=F1=E1=F2= wrote: > NEXT THIS YOU'RE GONNA TELL ME IS TO BE HAPPY THAT YOU DIDN'T WIPE THE WH= OLE SYSTEM OUT BY 'RM -RF /' Yes. Actually, yes. Do you understand now what you have done by giving your password to multiple people? This is *completely* different from asking for help. You are giving someone complete access to do ANYTHING and without even being logfiled (try it - can you find out what I did? You'll be able to find a few things, like what IP addresses I logged in from, but not everything); this is something that you simply do not EVER do. And rm -rf / (by the way, it wouldn't work if I shouted at your computer the way you're shouting at me) is actually not the worst thing I could do. If one of your clients accepts credit cards from his customers and stores them, I could compromise your client's customers. They have a measure of trust in the web server; you are betraying that trust by letting me in. ChrisA