Apache and suexec issue that wont let me run my python script

Νικόλαος Κούρας nikos.gr33k at gmail.com
Wed Jun 5 14:08:06 EDT 2013


On Wednesday, 5 June 2013 8:47:38 PM UTC+3, user Chris Angelico wrote:
> On Thu, Jun 6, 2013 at 3:29 AM, Νικόλαος Κούρας <nikos.gr33k at gmail.com> wrote:
> 
> > Now about what you did to me. I wanted to tell you that I (and I am sure there are other people too) don't agree with what you did. I think it was pretty rotten -- you told me it was a bad idea to give out the root password and that was as far as you should have gone, you had no right to "prove" it by screwing with my system.
> >
> > In the US there is a law called the DMCA which I think would make what
> > you did illegal, even though I gave you a password, because I
> > clearly gave you access to help me fix a problem, not to do what you
> > did. Of course US law doesn't help in this case since I live in Greece and you live in Australia...
>
> IANAL, but I don't think the DMCA has anything to do with this. (That
> is to say, I don't think it would even if everything were under US
> jurisdiction, which as you say isn't the case anyway.) What I did is
> no more illegal than you lending your car keys to a stranger with the
> request that he lock your door for you, and him then leafing through
> the contents of your car and telling your spouse what he found. If
> that causes your marriage to break up, the fault was with you for
> having something in your car that would break up your marriage, and
> for letting a stranger poke around in there.
>
> > I still maintain my belief that most people are good and want to help
> > rather than be destructive (which to your defense you weren't entirely. The mails you sent to my few customers though really pissed me off).
>
> The mails to your customers stop you from pretending to them that you
> know what you're doing. That's all. Now, you may be able to come back
> from this by making a public change of policy (you so far have a
> declared stance that you would give out the root password to someone
> else in future) and apologizing profusely to your customers, but if
> you can't, that is your problem and not mine.
>
> I was programming computers for eighteen years before I got a job
> doing it. Getting money for hosting people's web sites is something
> that you should see as a privilege for people who can demonstrably
> provide this service safely, and should not be something you strive
> for while you're learning the basics of Linux.
>
> > And of course, I have no idea if you have installed some kind of a backdoor utility that will grant you shell access via ssh to my system.
> > I want to convince myself that you haven't done so.
>
> I can help with that convincing. No, I did not install any sort of
> backdoor. There is no way you can prove that statement, but you have
> my promise and pledge that your system is safe from me. All I did was:
>
> 1) Change the root password, storing the new one in a way that you could find it
> 2) Create the cookie file as proof of what I could do
> 3) Collect email addresses from /home/*/.contactemail
> 4) Inspect the index.html files in a few directories as a means of
> locating the web sites concerned
> 5) 'mv .bash_history .bash_history_old', and later mv it back
>
> There is no ongoing access, and now that you've changed the root
> password (btw, I hope you weren't silly enough to change it to the
> same password you emailed me), the system is under your control again.
> But you cannot be sure that the *other* people you've given root
> access to didn't do the same.

Every time I granted access to other folks, when the job's done I always 'passwd' as root to avoid unwanted access.

All customers are also my friends and they like me and trust me. I also fix their computers too and use "TeamViewer" many times to help them from home.

Still, all of your doing could be avoided if instead of fiddling with my clients, you would actually try to provide a helping hand.

Anyway, I shouldn't have given root access to you, I was a bit worried doing so, but I was also under stress of also correcting this damn encoding issue and I wanted to think you would be the one that finally helps solve it.

I was wrong. But no matter what you say I won't lose my belief that if for example I had given access to Steven, things could have turned into a positive solution.

You shouldn't have gone "that far", just to prove a point.
It's not that malicious activity didn't occur to me that might happen, I just like to think that it won't.

Any way, enough said.





