Path: csiph.com!newsfeed.hal-mli.net!feeder3.hal-mli.net!newsfeed.hal-mli.net!feeder2.hal-mli.net!newsfeed.xs4all.nl!newsfeed4.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.058 X-Spam-Evidence: '*H*': 0.88; '*S*': 0.00; 'charset:iso-8859-7': 0.04; 'correct.': 0.07; 'already.': 0.09; 'attack.': 0.09; 'happen.': 0.09; 'mess': 0.09; 'oh,': 0.09; 'root,': 0.09; 'typed': 0.09; 'changes': 0.15; 'bugs.': 0.16; 'door,': 0.16; 'exploits': 0.16; 'invoking': 0.16; 'logon': 0.16; 'maliciously': 0.16; 'unix,': 0.16; 'wrote:': 0.18; 'do.': 0.18; 'server,': 0.19; 'command': 0.22; '(in': 0.22; 'header:User-Agent:1': 0.23; 'lets': 0.24; 'guys': 0.24; 'server.': 0.24; 'file.': 0.24; 'source': 0.25; 'script': 0.25; 'first,': 0.26; 'header:In-Reply-To:1': 0.27; 'installed': 0.27; 'chris': 0.29; 'am,': 0.29; 'unix': 0.29; 'program,': 0.31; 'code': 0.31; 'too.': 0.31; 'directory,': 0.31; 'disabled': 0.31; 'steven': 0.31; 'trivial': 0.31; 'file': 0.32; 'run': 0.32; 'linux': 0.33; 'running': 0.33; 'fri,': 0.33; 'not.': 0.33; "i'd": 0.34; 'except': 0.35; 'editor': 0.35; 'but': 0.35; 'there': 0.35; 'really': 0.36; '14,': 0.36; 'himself': 0.36; 'machine.': 0.36; "didn't": 0.36; 'behind': 0.37; 'too': 0.37; 'system,': 0.38; 'tools,': 0.38; 'to:addr:python-list': 0.38; 'files': 0.38; 'pm,': 0.38; 'sure': 0.39; 'to:addr:python.org': 0.39; 'system.': 0.39; 'how': 0.40; 'even': 0.60; 'easy': 0.60; 'access,': 0.60; 'deleting': 0.60; 'full': 0.61; 'new': 0.61; 'entire': 0.61; "you're": 0.61; 'act': 0.63; 'such': 0.63; 'our': 0.64; 'more': 0.64; 'virus': 0.65; 'managing': 0.66; 'side': 0.67; 'biggest': 0.67; 'believe': 0.68; 'late.': 0.68; 'received:74.208': 0.68; 'home': 0.69; 'social': 0.69; 'obvious': 0.74; 'restore': 0.78; 'does?': 0.84; 'done;': 0.84; "it'd": 0.84; 'received:74.208.4.194': 0.84; 'remember,': 0.93; '2013': 0.98 Date: Thu, 13 Jun 2013 18:20:51 -0400 From: Dave Angel User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130510 Thunderbird/17.0.6 MIME-Version: 1.0 To: python-list@python.org Subject: Re: Turnign greek-iso filenames => utf-8 iso References: <51b83b6d$0$29998$c3e8da3$5496439d@news.astraweb.com> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-7; format=flowed Content-Transfer-Encoding: 8bit X-Provags-ID: V02:K0:rsn3Yx5lIosXQEBMd/9jvMOvLpOD7ZrluGOnHo9jmq+ MjmbQMn/Oo+eeF9vHsh7UNN6PZWt4/IXYXYYBsMQhKhqBi8dn9 /meGP8s3pvQ3uHrZbA7jIUD0ZAIcx8QDhQhwTXfqcjZ0MY/SaH kOo3LU0cbqKGZMWcfkm+3vgcv4eIK2LiYfrkTcE5hQ6I7griMt doUR/O1u6cLF6d88EwPZavlQUVr2zeSgOC7466Cn+EbLNVXLTe 7g4cYf9IyAZHJ0yYwXMI9p0SvUItRFCHmkn2gf8EQEsyKOwI2P hKejDvqKuOFx8eZVSpPC5swTo25hHVSKTRHazxmt/CcUkVZ9Q= = X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 47 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1371162070 news.xs4all.nl 15931 [2001:888:2000:d::a6]:51507 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:48034 On 06/13/2013 05:46 PM, Chris Angelico wrote: > On Fri, Jun 14, 2013 at 3:48 AM, Νικόλαος Κούρας wrote: >> >> >> >> You are right, but i still believe Stevn would not act maliciously in the >> server. He proved himself very helpfull already. > > You thought that about me, too. (And you were still correct. I did not > act maliciously, I just didn't do what you thought I'd do.) By the > time you know what someone will do with your server, it is too late. > And remember, I made it really obvious what I'd done; someone else may > well not. > > Oh, and as to privilege escalation... there have been exploits found > in various applications, but the biggest one *ever* is the social > attack. It'd be VERY easy for Steven to get access, put a file in his > home directory, ask you to run it as root, and give himself full > access. And how would you know what that script does? You are > incompetent at managing a Linux system. You would be compromised > faster than an unpatched XP. > > ChrisA > Perhaps more relevant is changes that are made by mistake, or by side effect of software tools, or by virus or by adware. When you unlock a door, you're never sure just what will happen. This is why even with my own system, I use the least-privileged logon that lets me do what I need to do. I was involved in cleaning up the mess left behind by some guys who installed an April-fools joke on their boss' machine. They didn't mean any harm, but there code had bugs. And when new to Unix, I once typed a very complicated command (involving the find program, but also invoking other code) which would have had the final effect of deleting our entire source tree, including the (RCS) source control. I would have tested the operation first, except that some fool disabled the editor for csh when running as root. Anyway, the only thing that saved me was that Unix (in that era) had such a slow file system that I was able to kill it before it deleted a half-dozen file. Nothing volatile was lost, and the missing files were trivial to restore from the daily backup tapes. -- DaveA