Path: csiph.com!usenet.pasdenom.info!weretis.net!feeder1.news.weretis.net!feeder.erje.net!eu.feeder.erje.net!xlned.com!feeder3.xlned.com!news2.euro.net!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail
Return-Path: <rosuav@gmail.com>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
X-Spam-Status: OK 0.079
X-Spam-Evidence: '*H*': 0.85; '*S*': 0.00; 'root': 0.05; '*not*': 0.07; 'permissions': 0.09; 'subject:extra': 0.09; 'subject:string': 0.09; 'python': 0.11; '(file': 0.16; '.py': 0.16; 'exist.': 0.16; 'from:addr:rosuav': 0.16; 'from:name:chris angelico': 0.16; 'least.': 0.16; 'subject:when': 0.16; 'subject:python': 0.16; 'wrote:': 0.18; 'code.': 0.18; 'server,': 0.19; 'thu,': 0.19; '>>>': 0.22; 'shell': 0.22; 'file.': 0.24; 'pass': 0.26; 'header:In-Reply-To:1': 0.27; 'chris': 0.29; 'am,': 0.29; 'subject:list': 0.30; 'message-id:@mail.gmail.com': 0.30; "i'm": 0.30; 'code': 0.31; 'really,': 0.31; 'anyone': 0.31; 'file': 0.32; 'another': 0.32; 'open': 0.33; 'subject:from': 0.34; 'something': 0.35; 'but': 0.35; 'received:google.com': 0.35; 'level': 0.37; 'to:addr:python-list': 0.38; 'files': 0.38; 'that,': 0.38; 'to:addr:python.org': 0.39; 'how': 0.40; 'even': 0.60; 'read': 0.60; 'access,': 0.60; "you're": 0.61; 'you.': 0.62; 'offer': 0.62; 'account': 0.65; 'customers': 0.66; 'home': 0.69; 'respect': 0.70; '8bit%:92': 0.71; '8bit%:100': 0.72; 'jul': 0.74; "customers'": 0.84; 'skip:\xef 10': 0.84; 'stronger': 0.84; 'subject:space': 0.84; 'steps.': 0.91; 'urge': 0.91; 'baby': 0.95; '2013': 0.98
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=C6uWz4kIPebzOFYIsFNhU/yadRC7lgoBU0wKXUuGWYc=; b=MFHv93m3KVa8PmUkbOMHGB+tbIWtjkdRTSEJlqohwONlU0TGNB3i0wozcXwwy7FAjK Ujkbd7ocpJcVLwqw/ZvnWjBNOUUncFGW1/ZC02ynhWXQixCf1ChFWb9r6S8khCSKTbSM DUCYh88+wOUBJMktMTLi4cbkfQ0IQMC+7UKTtfD1aU2HuRBXp0UbvqN3NScuggpWo5uF eKL1nupeyIQkCIpaAilRZsUrkvz4oZzLeXydfsRrjMuauVb+XASq3M3rd5rLWkAO208u c4feMfhBWRldCtCoLcUvKGz6+LA2uKDElKG3Ly5SwJjvJV2uYxQV/A4++7iLLY9aTBXh voDQ==
MIME-Version: 1.0
X-Received: by 10.59.9.69 with SMTP id dq5mr505503ved.87.1372870397702; Wed, 03 Jul 2013 09:53:17 -0700 (PDT)
In-Reply-To: <kr1kit$ta4$1@news.grnet.gr>
References: <CAKP_0cVuK07_DNkA3oHnFbYNaGNYw-EEMaWAhgLRRvYbpmsPPQ@mail.gmail.com> <kqs06l$ir0$2@news.grnet.gr> <51d1a173$0$29999$c3e8da3$5496439d@news.astraweb.com> <ac6abb36-ae5f-4627-b196-24a6255d4347@googlegroups.com> <CAN1F8qUWj3tC85nWq5nUG8rVz6eP9-sGop41b6WLoDqAGxAuDw@mail.gmail.com> <51D1D484.5070309@rece.vub.ac.be> <CAN1F8qUiACxdjRG9owui75cG4yAGtf-UXqG_Z+KSCqJLeKFjbA@mail.gmail.com> <51D27FB9.7040406@rece.vub.ac.be> <CAN1F8qWOeF9Er0bofaRYsyW4EKg4NJOhBNCTnC=pfAOSYU+rUg@mail.gmail.com> <51D2C113.6070105@rece.vub.ac.be> <CAN1F8qV_Qj6oyyzMuRdhsw4okvRDKm3rNXRTC=OuuFj5bOYynQ@mail.gmail.com> <mailman.4132.1372804454.3114.python-list@python.org> <1264cfb9-f451-40e3-9d59-0619547c8138@googlegroups.com> <51D3ED24.9030202@rece.vub.ac.be> <mailman.4157.1372844725.3114.python-list@python.org> <kr0snf$d5j$1@news.grnet.gr> <mailman.4173.1372862677.3114.python-list@python.org> <kr1gds$sq9$1@news.grnet.gr> <mailman.4176.1372866263.3114.python-list@python.org> <kr1kit$ta4$1@news.grnet.gr>
Date: Thu, 4 Jul 2013 02:53:17 +1000
Subject: Re: python adds an extra half space when reading from a string or list
From: Chris Angelico <rosuav@gmail.com>
To: python-list@python.org
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe: <http://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/python-list/>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <http://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups: comp.lang.python
Message-ID: <mailman.4180.1372870401.3114.python-list@python.org>
Lines: 42
NNTP-Posting-Host: 2001:888:2000:d::a6
X-Trace: 1372870401 news.xs4all.nl 16007 [2001:888:2000:d::a6]:42064
X-Complaints-To: abuse@xs4all.nl
Xref: csiph.com comp.lang.python:49756

On Thu, Jul 4, 2013 at 2:47 AM, =CE=9D=CE=AF=CE=BA=CE=BF=CF=82 <nikos@super=
host.gr> wrote:
> =CE=A3=CF=84=CE=B9=CF=82 3/7/2013 6:44 =CE=BC=CE=BC, =CE=BF/=CE=B7 Chris =
Angelico =CE=AD=CE=B3=CF=81=CE=B1=CF=88=CE=B5:
>>
>> On Thu, Jul 4, 2013 at 1:36 AM, =EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=
=BF=BD <nikos@superhost.gr> wrote:
>>>
>>> I will *not* give away my root pass to anyone for any reason but i will
>>> open
>>> a norla user account for someone if i feel like trusting him and copy m=
y
>>> python file to his homr dir to take alook from within.
>>
>>
>> Well... well... baby steps. That's something at least. That's still a
>> huge level of access, though; with a non-root account on your server,
>> I would be able to - I think - read all your customers' code. You
>> would have to chroot the user you give, and if you're going to do
>> that, you may as well just give the code as a .py file. Really, you
>> need to have a MUCH stronger respect for shell access, even non-root.
>>
>> ChrisA
>>
> I did not understand you.
>
> How with a  normal user account named "chris" how will you be able to rea=
dy
> my customers html files and even my python scripts?
>
> I feel the urge to open you one just to see if you can do it or not.....b=
ut
> i'm also scared....

What are the file permissions (file modes) on all your home
directories? Do you know what they mean?

I'm happy to take you up on that offer if you need another lesson in
not giving out shell access. And don't forget, privilege escalation
attacks do exist.

ChrisA