Apache and suexec issue that wont let me run my python script

[Νικόλαος Κούρας]

Τη Τετάρτη, 5 Ιουνίου 2013 8:16:46 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε:
> On Thu, Jun 6, 2013 at 3:02 AM, Νικόλαος Κούρας <nikos.gr33k at gmail.com> wrote:
> 
> > Τη Τετάρτη, 5 Ιουνίου 2013 7:33:50 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε:
> 
> >> In fact, I didn't even bother fiddling with syslog. All I did was
> 
> >> .bash_history. Of course, I wasn't worried about you getting my IP
> 
> >> addresses (one of them is public anyway, and the other isn't mine any
> 
> >> longer than I'm using it), and nothing I did there was sufficiently
> 
> >> serious to be worth hiding, but I just did the history so I could
> 
> >> point out how easy this is.
> 
> >
> 
> > So, by executing .bash_history commands issued are cleared. okey.
> 
> > What abiut 'syslog' that Heiko mentioned. Since you didnt fiddle with syslog can the latter show me what commands have been executed, files opened, commands given, services started-stopped etc?
> 
> 
> 
> Poke around in /var/log - I didn't tamper with anything there, so you
> 
> may well find log entries. But I don't know for sure what I did and
> 
> what I didn't do.
> 
> 
> 
> >> and nothing I did there was sufficiently serious to be worth hiding.
> 
> >
> 
> > Actually i believ you, because if you had malice in mind you could 'rm -rf /' or deface frontpages which you didnt do.
> 
> >
> 
> > But is there a way for me to see what commands have been issued? syslog perhaps as ia sk above?
> 
> > Since you didn't hurm the system why the need of wipe clean bash's history?
> 
> 
> 
> There won't be a full list of all commands, but you may find some
> 
> hints. And why wipe it? Just to show how easily it could be done.
> 
> Imagine if I'd:
> 
> 
> 
> 1) Created a new user, with a home directory of /etc
> 
> 2) Made a setuid root binary that gives me a shell
> 
> 3) Removed all logfile traces of having done so
> 
> 
> 
> I could then *retain full access* even after you change the root
> 
> password. And you would not know what I'd done, if I do the logfile
> 
> wipes correctly. You might see some hint (eg that logs were rotated
> 
> prematurely), but it'd be extremely hard to figure out what I did.

Forensics is not my strong point, currently i'm learning linux hence i only have basic knowledge just to get some basic stuff up and running.

Now about what you did to me. I wanted to tell you that I (and I am sure there are other people too) don't agree with what you did. I think it was pretty rotten -- you told me it was a bad idea to give out the root password and that was as far as you should have gone, you had no right to "prove" it by screwing with my system. 

In the US there is a law called the DMCA which I think would make what
you did illegal, even though i have you a password, because i
clearly gave you access to help me fix a problem, not to do what you
did. Of course US law doesn't help in this case since you i live in Greece and you live in Australia...

I decided a long time ago the certain people on the Python list were
assholes, you leading the list followed by alex23, Mark Lawrence 
and several more. Your post about how you are a good Christian just 
confirms to me that you aren't -- people who brag about how moral they
are are usually immoral. And besides the major assholes, there are
lots of people there that will just agree with prevailing opinion 
without thinking for themselves.

I still maintain my belief that most people are good and want to help
rather than be destructive(which to your defense you weren't entirely. The mails you sent to my few customers though really pissed me off).

And of course, i have no idea, if you ahve installed some kind of a backdoor utility that will grant you shell access via ssh to my system.
I want to convince myself that you haven't done so.