Path: csiph.com!usenet.pasdenom.info!aioe.org!news.stack.nl!newsfeed.xs4all.nl!newsfeed4.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.010 X-Spam-Evidence: '*H*': 0.98; '*S*': 0.00; 'subject:error': 0.03; 'subject:: [': 0.04; 'subject:file': 0.07; 'from:addr:rosuav': 0.16; 'from:name:chris angelico': 0.16; 's/he': 0.16; 'subject:] [': 0.16; 'writable': 0.16; 'www': 0.16; 'folder': 0.16; 'wrote:': 0.18; 'normally': 0.19; 'thu,': 0.19; 'aug': 0.22; 'lets': 0.24; 'header:In-Reply-To:1': 0.27; 'am,': 0.29; 'message- id:@mail.gmail.com': 0.30; 'running': 0.33; "can't": 0.35; 'no,': 0.35; 'but': 0.35; 'received:google.com': 0.35; 'should': 0.36; 'server': 0.38; 'to:addr:python-list': 0.38; 'files': 0.38; 'to:addr:python.org': 0.39; 'even': 0.60; 'more': 0.64; 'home': 0.69; '4:44': 0.91; '2013': 0.98 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=DTgfSW1U8/o8nUXSpZZQy8nD/EwNTuIopkz930FRSdY=; b=OP4cg6XLaf8BiFQTG+KhKgxd9MExMtUIB0SL+FAukLjAdWAA4RXYK22fXqwjYDA3ZZ NhaT0fU4i6OTwKJdl5EI3k6+x6B0kDmJZu73iVhpvUA59jOGvzDxCDjy9zJtiuxH6T5P Go87v9I9eADQ07FTbdtPJoasgqH8NxQLtTaFZWp4E+3vXYvXcF8s89AB0u3HVTDErSsD /RfaAp/FcGEa89YICTSunZw1sNAisPaRhfZggkVnIvFomUS87jAzfNQtMfGKe+n1rNdm 9Ry4c0xuWQNaMZp8PuIM6hknAsFNGNsHohctx+EpoyvPqIoztBcpaPZY/b261hHmbm5T tbTw== MIME-Version: 1.0 X-Received: by 10.58.199.133 with SMTP id jk5mr101442vec.63.1377730534619; Wed, 28 Aug 2013 15:55:34 -0700 (PDT) In-Reply-To: <5B80DD153D7D744689F57F4FB69AF47418695494@SCACMX008.exchad.jpmchase.net> References: <39be9227-c800-49a5-850d-f387c30d1e9d@googlegroups.com> <73c7b08d-5349-49ba-b945-6d87795088bf@googlegroups.com> <85e059ef-9717-4101-910a-379a5ebd0522@googlegroups.com> <68f49226-7f00-489b-bfc0-267bd00aa356@googlegroups.com> <5B80DD153D7D744689F57F4FB69AF47418695494@SCACMX008.exchad.jpmchase.net> Date: Thu, 29 Aug 2013 08:55:34 +1000 Subject: Re: [error] [client 178.59.111.223] (2)No such file or directory: exec of From: Chris Angelico To: python-list@python.org Content-Type: text/plain; charset=ISO-8859-1 X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 14 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1377730537 news.xs4all.nl 16009 [2001:888:2000:d::a6]:50205 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:53190 On Thu, Aug 29, 2013 at 4:44 AM, Prasad, Ramit wrote: > Normally I would have thought you would have a public_html or www directory in your > home folder that would be readable/writable to the web server (and where you should > write). No, a normal setup would have that world-readable but not writable. That way, even if an exploit is found in your web site that lets an attacker write files, s/he can't upload more files to the web server's directory and start running them. A directory writable by the web server might be /tmp. ChrisA