On Thu, Jul 4, 2013 at 3:07 AM, Νίκος <ni...@superhost.gr> wrote: > Στις 3/7/2013 7:53 μμ, ο/η Chris Angelico έγραψε: >> What are the file permissions (file modes) on all your home >> directories? Do you know what they mean? > > > root@nikos [~]# ls -al /home > total 88 > drwx--x--x 22 root root 4096 Jul 3 20:03 ./ > drwxr-xr-x 22 root root 4096 Jun 12 01:21 ../ > drwx--x--x 14 akis akis 4096 Apr 5 22:21 akis/ > same with others just +x for group and others. > > Does that mean you can easily i.e. 'cd /home/akis/' accessing their home > directories?
Yes. > Shall i 'chmod -x /home/dirs' ? Only if you know what it will do. Your solutions to problems always seem to be "If I do this, will the problem be fixed?" without demonstrating any understanding of what will be changed. Maybe you do know and aren't showing it, but I suspect that (in many cases at least) you simply do not understand what you are doing. >> I'm happy to take you up on that offer if you need another lesson in >> not giving out shell access. And don't forget, privilege escalation >> attacks do exist. > > > Yes they do, but cPanel offers some protection against these kind of methods > called "CPHulk" so it wont be easy! Neat. Now I know how to lock you out of your own account. Five seconds with Google brought this up: http://docs.cpanel.net/twiki/bin/view/11_30/WHMDocs/CPHulk Can you, by reading that page, tell me what I would have to do to stop you from accessing your login? Also, CPHulk does not appear to have _any_ protection against privilege escalation. It's a completely different thing. So once again, it appears - maybe that appearance is wrong - that you have done something that "ought to fix security" without knowing anything about what it actually does. ChrisA -- http://mail.python.org/mailman/listinfo/python-list
