python adds an extra half space when reading from a string or list

Νίκος nikos at superhost.gr
Wed Jul 3 13:07:13 EDT 2013


On 3/7/2013 7:53 PM, Chris Angelico wrote:
> On Thu, Jul 4, 2013 at 2:47 AM, Νίκος <nikos at superhost.gr> wrote:
>> On 3/7/2013 6:44 PM, Chris Angelico wrote:
>>>
>>> On Thu, Jul 4, 2013 at 1:36 AM, Νίκος <nikos at superhost.gr> wrote:
>>>>
>>>> I will *not* give away my root pass to anyone for any reason but I will
>>>> open
>>>> a normal user account for someone if I feel like trusting him and copy my
>>>> python file to his home dir to take a look from within.
>>>
>>>
>>> Well... well... baby steps. That's something at least. That's still a
>>> huge level of access, though; with a non-root account on your server,
>>> I would be able to - I think - read all your customers' code. You
>>> would have to chroot the user you give, and if you're going to do
>>> that, you may as well just give the code as a .py file. Really, you
>>> need to have a MUCH stronger respect for shell access, even non-root.
>>>
>>> ChrisA
>>>
>> I did not understand you.
>>
>> How, with a normal user account named "chris", will you be able to read
>> my customers' html files and even my python scripts?
>>
>> I feel the urge to open you one just to see if you can do it or not.....but
>> I'm also scared....
>
> What are the file permissions (file modes) on all your home
> directories? Do you know what they mean?

root at nikos [~]# ls -al /home
total 88
drwx--x--x 22 root     root     4096 Jul  3 20:03 ./
drwxr-xr-x 22 root     root     4096 Jun 12 01:21 ../
drwx--x--x 14 akis     akis     4096 Apr  5 22:21 akis/
Same with the others, just +x for group and others.

Does that mean you can easily, i.e. 'cd /home/akis/', access their home 
directories?

Shall I 'chmod -x /home/dirs' ?

> I'm happy to take you up on that offer if you need another lesson in
> not giving out shell access. And don't forget, privilege escalation
> attacks do exist.

Yes they do, but cPanel offers some protection against these kinds of 
methods called "cPHulk" so it won't be easy!


-- 
What is now proved was at first only imagined!
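
Added example, not part of the original message: a Python audit of what the `drwx--x--x` mode in the listing above means for accounts other than the owner. It reports regular files that are world-readable and sit under directories that all carry the "other" execute bit. The file names, `public_html` and the `demo2` account are hypothetical, and the sample tree is constructed in a temporary directory.

```python
import os
import stat
import tempfile

def world_reachable(root):
    """List regular files under root that a non-owner, non-group ("other")
    account could read, judged purely from the mode bits."""
    findings = []

    def walk(directory, rel):
        mode = os.stat(directory).st_mode
        if not mode & stat.S_IXOTH:      # no o+x: others cannot enter at all
            return
        listable = bool(mode & stat.S_IROTH)  # o+r on a dir allows `ls`
        for name in sorted(os.listdir(directory)):
            path, relpath = os.path.join(directory, name), os.path.join(rel, name)
            st = os.lstat(path)
            if stat.S_ISDIR(st.st_mode):
                walk(path, relpath)
            elif stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_IROTH:
                findings.append(
                    (relpath, "parent listable" if listable else "name must be known"))

    walk(root, "")
    return findings

def build_demo(base):
    """Constructed sample tree: /home and akis use mode 0711 as in the listing;
    the file names, public_html and the 'demo2' account are hypothetical."""
    tree = [  # (directory, dir mode, {file name: file mode})
        ("home", 0o711, {}),
        ("home/akis", 0o711, {"script.py": 0o644, "notes.txt": 0o600}),
        ("home/akis/public_html", 0o755, {"index.html": 0o644}),
        ("home/demo2", 0o700, {"script.py": 0o644}),
    ]
    for directory, dmode, files in tree:
        dpath = os.path.join(base, directory)
        os.makedirs(dpath, exist_ok=True)
        for fname, fmode in files.items():
            fpath = os.path.join(dpath, fname)
            with open(fpath, "w") as fh:
                fh.write("sample\n")
            os.chmod(fpath, fmode)
        os.chmod(dpath, dmode)
    return os.path.join(base, "home")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for relpath, how in world_reachable(build_demo(tmp)):
            print(f"{relpath}: readable by other users ({how})")
```

The check reads mode bits only, so it ignores ACLs and group membership; run it as the owner or root so every directory can be listed.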


