python adds an extra half space when reading from a string or list

Chris Angelico rosuav at gmail.com
Wed Jul 3 19:23:34 CEST 2013


On Thu, Jul 4, 2013 at 3:07 AM, Νίκος <nikos at superhost.gr> wrote:
> Στις 3/7/2013 7:53 μμ, ο/η Chris Angelico έγραψε:
>> What are the file permissions (file modes) on all your home
>> directories? Do you know what they mean?
>
>
> root at nikos [~]# ls -al /home
> total 88
> drwx--x--x 22 root     root     4096 Jul  3 20:03 ./
> drwxr-xr-x 22 root     root     4096 Jun 12 01:21 ../
> drwx--x--x 14 akis     akis     4096 Apr  5 22:21 akis/
> same with others just +x for group and others.
>
> Does that mean you can easily i.e. 'cd /home/akis/' accessing their home
> directories?

Yes.

> Shall i 'chmod -x /home/dirs' ?

Only if you know what it will do. Your solutions to problems always
seem to be "If I do this, will the problem be fixed?" without
demonstrating any understanding of what will be changed. Maybe you do
know and aren't showing it, but I suspect that (in many cases at
least) you simply do not understand what you are doing.

>> I'm happy to take you up on that offer if you need another lesson in
>> not giving out shell access. And don't forget, privilege escalation
>> attacks do exist.
>
>
> Yes they do, but cPanel offers some protection against these kind of methods
> called "CPHulk" so it wont be easy!

Neat. Now I know how to lock you out of your own account. Five seconds
with Google brought this up:

http://docs.cpanel.net/twiki/bin/view/11_30/WHMDocs/CPHulk

Can you, by reading that page, tell me what I would have to do to stop
you from accessing your login?

Also, CPHulk does not appear to have _any_ protection against
privilege escalation. It's a completely different thing. So once
again, it appears - maybe that appearance is wrong - that you have
done something that "ought to fix security" without knowing anything
about what it actually does.

ChrisA



More information about the Python-list mailing list