Re: Failure in running "system" from within perl within apache
On Thu, Apr 07, 2005 at 06:55:57PM +0300, Shachar Shemesh wrote: > Yedidyah Bar-David wrote: > > >If you do, note you can't strace a suid exec. To do this, strace -p > >as root. > > > > > From the strace man page: > If strace is installed setuid to root then the invoking user > will be able to attach to and trace pro- > cesses owned by any user. In addition setuid and setgid programs > will be executed and traced with the > correct effective privileges. > > So there is a solution. If you want to use this solution, please do read > the rest of that section at the strace man page, as creating an insecure > setup using this feature is amazingly easy. Indeed. That's why I usually simply attach with -p. Note that if you try a non-suid strace with something like (as root) # strace -f -o out1 su - user -c command where command eventually runs a suid exec, it won't work well. At least it was so the last time I tried. I am not sure this is a bug, though. -- Didi = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Failure in running "system" from within perl within apache
Yedidyah Bar-David wrote: On Thu, Apr 07, 2005 at 06:55:57PM +0300, Shachar Shemesh wrote: Yedidyah Bar-David wrote: If you do, note you can't strace a suid exec. To do this, strace -p as root. From the strace man page: If strace is installed setuid to root then the invoking user will be able to attach to and trace pro- cesses owned by any user. In addition setuid and setgid programs will be executed and traced with the correct effective privileges. So there is a solution. If you want to use this solution, please do read the rest of that section at the strace man page, as creating an insecure setup using this feature is amazingly easy. Indeed. That's why I usually simply attach with -p. You can't use -p on a SUID program that takes less than half a second to run. Just not feasible. Note that if you try a non-suid strace with something like (as root) # strace -f -o out1 su - user -c command where command eventually runs a suid exec, it won't work well. At least it was so the last time I tried. I am not sure this is a bug, though. The documentation seems to suggest this is not a bug (or, at least, a documented behavior). It specifically says that tracing SUID executables is only possible if strace is itself SUID root. Shachar -- Shachar Shemesh Lingnu Open Source Consulting ltd. Have you backed up today's work? http://www.lingnu.com/backup.html = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Failure in running "system" from within perl within apache
On Fri, Apr 08, 2005 at 10:24:22AM +0300, Shachar Shemesh wrote: > You can't use -p on a SUID program that takes less than half a second to > run. Just not feasible. So put a sleep in front. If it's not your program, use ptrace to put a sleep in front ;-) Cheers, Muli -- Muli Ben-Yehuda http://www.mulix.org | http://mulix.livejournal.com/ signature.asc Description: Digital signature
Re: Failure in running "system" from within perl within apache
Muli Ben-Yehuda wrote: On Fri, Apr 08, 2005 at 10:24:22AM +0300, Shachar Shemesh wrote: You can't use -p on a SUID program that takes less than half a second to run. Just not feasible. So put a sleep in front. If it's not your program, use ptrace to put a sleep in front ;-) Cheers, Muli Remind me how you ptrace a SUID program again, will you? Not to mention that I don't think strace will have much success in attaching to a program I'm ptracing... Shachar -- Shachar Shemesh Lingnu Open Source Consulting ltd. Have you backed up today's work? http://www.lingnu.com/backup.html = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Failure in running "system" from within perl within apache
On Fri, Apr 08, 2005 at 10:55:38AM +0300, Shachar Shemesh wrote: > Remind me how you ptrace a SUID program again, will you? Using a setuid helper or running as root of course ;-) > Not to mention > that I don't think strace will have much success in attaching to a > program I'm ptracing... It won't, you need some simple hand-off protocol. Cheers, Muli -- Muli Ben-Yehuda http://www.mulix.org | http://mulix.livejournal.com/ signature.asc Description: Digital signature
XRoot not visible with KDE wallpaper?
Hi all, I have had a sudden nostalgic yearning to xroach, for reasons I will not delve into here. Let's just say that it is not my desktop I wish to run it on. I tried to run "groach", which is the modern (gtk) replacement, but nothing. I then hunted through google (and believe me, it was some hunting) until I found the original (source only). I compiled it, and it runs fine, except no cockroaches appear. I suspect that the KDE wallpaper, in some way, is displayed ABOVE the cockroaches. As we all know, merely hiding an infestion is no way to solve it. So, any chance of reviving this old stuff? Shachar -- Shachar Shemesh Lingnu Open Source Consulting ltd. Have you backed up today's work? http://www.lingnu.com/backup.html = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: XRoot not visible with KDE wallpaper?
On Friday 08 April 2005 14:25, you wrote: > Hi all, > > I have had a sudden nostalgic yearning to xroach, for reasons I will not > delve into here. Let's just say that it is not my desktop I wish to run > it on. > > I tried to run "groach", which is the modern (gtk) replacement, but > nothing. I then hunted through google (and believe me, it was some > hunting) until I found the original (source only). I compiled it, and it > runs fine, except no cockroaches appear. > > I suspect that the KDE wallpaper, in some way, is displayed ABOVE the > cockroaches. As we all know, merely hiding an infestion is no way to > solve it. > The XPenguins homepage ( http://xpenguins.seul.org/ ) reads: <<< On KDE 2.2.1+ you must enable the Support Programs in Desktop Window option under Control Center -> Look & Feel -> Desktop. >>> I suppose groach has the same problem. Regards, Shlomi Fish - Shlomi Fish [EMAIL PROTECTED] Homepage:http://www.shlomifish.org/ Hacker sees bug. Hacker fixes bug. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
The 29th ACM International Collegiate Programming Contest
http://icpc.baylor.edu/icpc/finals/default.htm Does anyone know why Israel is not attending this event? How does the event rank? -- Moshe Leibovitch Tel: +(972)-0546-48-44-11 [EMAIL PROTECTED] I S R A E L = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Failure in running "system" from within perl within apache - solved
On Fri, Apr 08, 2005 at 09:25:44AM +0300, Shachar Shemesh wrote: > Tzafrir Cohen wrote: > > >On Thu, Apr 07, 2005 at 06:53:50PM +0300, Shachar Shemesh wrote: > > > >>The problem was that some directory in the path was not set according to > >>perlsuid's strict rules. As a result, "system" never returned, printing > >>the reason to stderr (but there was no one there to receive it, as it > >>was from a web application). > > > >Isn't the stderr sent to the error log of apache? > > > I captured stderr so that I could detect the program failing, but had no > facilities for doing any actual relay of the information to somewhere > useful. That is a useful idea, though. I'll redirect the stderr to the > apache error log. > > Thanks, You shouldn't need to. This is the default for apache CGI scripts. Or am I missing anything? -- Tzafrir Cohen | New signature for new address and | VIM is http://tzafrir.org.il | new homepage | a Mutt's [EMAIL PROTECTED] || best ICQ# 16849755 | Space reserved for other protocols | friend = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: XRoot not visible with KDE wallpaper?
Shlomi Fish wrote: The XPenguins homepage ( http://xpenguins.seul.org/ ) reads: <<< On KDE 2.2.1+ you must enable the Support Programs in Desktop Window option under Control Center -> Look & Feel -> Desktop. I suppose groach has the same problem. Regards, Shlomi Fish Funny. That solved it for groaches, but not for xroach. Strange. Shachar -- Shachar Shemesh Lingnu Open Source Consulting ltd. Have you backed up today's work? http://www.lingnu.com/backup.html = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: print a formatted directory tree
Arik Baratz wrote: On Apr 7, 2005 3:44 PM, Noam Meltzer <[EMAIL PROTECTED]> wrote: Hi, I remember I once encounted a utility which can print a formatted output of the directory tree. But can't find it now. Hi Noam There's a package named tree on my Mandrake installation, but I mainly use a Python routine which I customize to my heart's content. -- Arik #!/usr/bin/env python import os,sys,stat def Crawl(sFolder,sIndent=""): "crawl a folder" lFiles=os.listdir(sFolder) for sFile in lFiles: sAbsFile=os.path.join(sFolder,sFile) try: tStat=os.stat(sAbsFile) except OSError: print 'Cannot stat file %s' % sAbsFile continue nMode=tStat[stat.ST_MODE] if stat.S_ISDIR(nMode): print "%s%s/" % (sIndent,sFile) Crawl(sAbsFile,sIndent+" ") else: print "%s%s" % (sIndent,sFile) def main(): if len(sys.argv)>1: sFolder=sys.argv[1] else: sFolder=os.getcwd() Crawl(sFolder) if __name__ == '__main__': main() 10x all for answering. It was very helpful :) Noam = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
bug in imagemagick_6%3a6.0.6.2-2.2_i386.deb ?
Hi, This morning I installed pstoedit, which required libmagick6 and libmagick++6. This required, of course, upgrading imagemagick to version _6%3a6.0.6.2-2.2_i386.deb. With the new version of display I am unable to use the grab function: When I open the open dialog, I receive the option grab, but when selecting it I get an error message: "unable to open the file "$PWD/x". Is this a known bug ? There is nothing in the bug reports about it, and the help does not mention any way around. Before trying to use other versions of pstoedit and/or imagemagick, I would like to hear about other's experience I am using debian testing/unstable. Thank, Avraham = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: bug in imagemagick_6%3a6.0.6.2-2.2_i386.deb ?
Which directory is $PWD (depends upon how you activate pstoedit or imagemagick)? What are its permissions? To create a file, the directory needs to be writable. --- Omer On Sat, 2005-04-09 at 08:19 +0300, [EMAIL PROTECTED] wrote: > Hi, > This morning I installed pstoedit, which required libmagick6 and > libmagick++6. This required, of course, upgrading imagemagick to > version _6%3a6.0.6.2-2.2_i386.deb. > With the new version of display I am unable to use the grab > function: When I open the open dialog, I receive the option grab, > but when selecting it I get an error message: "unable to open the > file "$PWD/x". > Is this a known bug ? There is nothing in the bug reports about > it, and the help does not mention any way around. > Before trying to use other versions of pstoedit and/or > imagemagick, I would like to hear about other's experience > I am using debian testing/unstable. -- MS-Windows is the Pal-Kal of the PC world. My own blog is at http://www.livejournal.com/users/tddpirate/ My opinions, as expressed in this E-mail message, are mine alone. They do not represent the official policy of any organization with which I may be affiliated in any way. WARNING TO SPAMMERS: at http://www.zak.co.il/spamwarning.html = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
