From: Chris Angelico
To: python-list@python.org
Newsgroups: comp.lang.python
Subject: Re: Turnign greek-iso filenames => utf-8 iso
Date: Fri, 14 Jun 2013 07:46:05 +1000
References: <51b83b6d$0$29998$c3e8da3$5496439d@news.astraweb.com>

On Fri, Jun 14, 2013 at 3:48 AM, Νικόλαος Κούρας wrote:
> On 13/6/2013 8:27 μμ, Zero Piraeus wrote:
>>
>> :
>>
>>> But I am not offering Steven full root access, but restricted user level
>>> access. Are you implying that for example one could elevate his
>>> privileges
>>> to root level access from within a normal restricted user account?
>>
>>
>> I am implying that your demonstrated lack of ability means that *you
>> don't know* what Steven or anyone else could do with user-level
>> access. Elsewhere on this list, you've been shown that you're
>> publishing database passwords to the whole world in plaintext. Who
>> knows what other mistakes you've made? Who knows how
>> $STRANGER_YOU_TRUST_THIS_WEEK could exploit your (proven to be
>> insecure) setup if they had a mind to?
>>
>>> I trust him.
>
>
> You are right, but I still believe Steven would not act maliciously in the
> server. He proved himself very helpful already.

You thought that about me, too. (And you were still correct. I did not
act maliciously, I just didn't do what you thought I'd do.) By the
time you know what someone will do with your server, it is too late.
And remember, I made it really obvious what I'd done; someone else may
well not.

Oh, and as to privilege escalation... there have been exploits found
in various applications, but the biggest one *ever* is the social
attack. It'd be VERY easy for Steven to get access, put a file in his
home directory, ask you to run it as root, and give himself full
access. And how would you know what that script does?

You are incompetent at managing a Linux system. You would be
compromised faster than an unpatched XP.

ChrisA