--- On Thu, 4/23/09, Erez D wrote:
> From: Erez D
> Subject: suid root - bash script
> To: "linux-il"
> Date: Thursday, April 23, 2009, 8:56 AM
> hi
>
> i have a bash script i want to be run with root permissions,
> no matter which user executes it.
>
> if it was a binary, i would only need
On Thu, Apr 23, 2009 at 08:56:45AM +0300, Erez D wrote:
> i have a bash script i want to be run with root permissions, no matter
> which user executes it.
>
> if it was a binary, i would only need set it suid root.
>
> but as it is a bash script, suid-ing it doesn't do anything, and suid-ing
> /bi
Oron Peled wrote:
There's a reason why the kernel does not respect suid/sgid bit on shell
scripts -- It's because there are gazillions of ways a user can use
this script to gain total root access.
Name two?
Maybe writing a wrapper suid program that totally sanitizes
both the environment an
Oleg, first thanks for your answer.
>> AFAIK, this DPI can block voip application like Skype.
>That's an on-going war, similar to the war between P2P applications
>and DPI. It's not limited to cellular companies, of course.
There is still a little difference here, I believe, with cellular compan
On Thu, Apr 23, 2009 at 11:31:38AM +0300, Shachar Shemesh wrote:
>
> Oron Peled wrote:
>>
>> There's a reason why the kernel does not respect suid/sgid bit on shell
>> scripts -- It's because there are gazillions of ways a user can use
>> this script to gain total root access.
>>
> Name two?
Th
Hi Yedidyah,
This "stupid" - in my opinion - restriction also applies to perl script.
And there they also recommend using a C program that will be setuid
that will run the perl script.
This is of course an over-complicated manner of doing things, not to
mention the fact that if this perl script
Hi Noam,
On Thu, Apr 23, 2009 at 12:08:21PM +0300, Noam Rathaus wrote:
> Hi Yedidyah,
>
> This "stupid" - in my opinion - restriction also applies to perl script.
This is a free country, you know. You are entitled to have your own
opinion. As I explained below, the main problem with setuid scripts
Hi,
I've been considering encrypting my backups (e.g. using duplicity), but I am
always afraid to lose the backup key when I lose the data I need to
restore. This has the unfortunate implications of practically having no
backups at all.
I'd like to ask the list, when you backup your data (and
Hi Yedidyah,
See below
On Thu, Apr 23, 2009 at 12:34 PM, Yedidyah Bar-David
wrote:
> Hi Noam,
>
> On Thu, Apr 23, 2009 at 12:08:21PM +0300, Noam Rathaus wrote:
>> Hi Yedidyah,
>>
>> This "stupid" - in my opinion - restriction also applies to perl script.
>
> This is a free country, you know. You
Noam Rathaus wrote:
not to
mention the fact that if this perl script or c program wrapper is then
called from Apache the restriction still applies and I haven't been
able to get around it.
At least on my system, perl installs a suid helper that does this for
you. You just mark the per
Hi Shachar,
Thanks for the response.
I am using here Debian 5.0 and I still get the problem even if I:
1) setuid the file to be setuid root
2) change the perl interpreter at the top of the script from perl to
suidperl (they are the same symbolic link, but I tried it anyhow)
So I guess something
Yuval Hager wrote:
Hi,
I've been considering encrypting my backups (e.g. using duplicity), but I am
always afraid to lose the backup key when I lose the data I need to
restore. This has the unfortunate implications of practically having no
backups at all.
I'd like to ask the list, when you
I know for a fact that both Cellcom and Orange initially blocked VoIP
ports on their data services network. Following some "pressure" ;)
applied on them (by us as well); the networks were opened and today
"theoretically" support VoIP applications. The current issue with the
providers is the fact
Noam Rathaus wrote:
Hi Shachar,
Thanks for the response.
I am using here Debian 5.0 and I still get the problem even if I:
1) setuid the file to be setuid root
2) change the perl interpreter at the top of the script from perl to
suidperl (they are the same symbolic link, but I tried it anyhow)
On Thu, Apr 23, 2009 at 01:22:43PM +0300, Noam Rathaus wrote:
> Hi Yedidyah,
> > I guess there are other ways to do this, but that's how it is in unix.
> > As far as I know, Windows does not have something similar at all - if
> > you want there to run some program as another user, you have to do mu
Hi,
I am seeing these in the logs and I can't find a documentation to what
might have been causing it:
Apr 23 13:57:47 sp kernel: <1>Unable to handle kernel paging request
at virtual address 0804c3ac
Apr 23 13:57:47 sp kernel: printing eip:
Apr 23 13:57:47 sp kernel: c0152dc0
Apr 23 13:57:47 sp
Hi Yedidyah,
1) It doesn't run => shows error => stops
2) Under root it works => no error => works
3) Should I test it under another user? :)
On Thu, Apr 23, 2009 at 1:51 PM, Yedidyah Bar-David
wrote:
> On Thu, Apr 23, 2009 at 01:22:43PM +0300, Noam Rathaus wrote:
>> Hi Yedidyah,
>> > I guess
>> 'sudo' is what you want.
>
> Why bother? It's easier to simply give those users the root password
> as the result would be the same anyway.
>
Sudo uses the user's password, not root's. Don't let the *buntu
version of sudo mislead you: sudo can be used to give specific users
specific privileges,
> i want a new Internet connection for my home.
>
Stay away from Netvision. While their network is the best in Israel
when it works, their customer support is terrible, and after
experiencing three days of downtime in January I moved to Bezeq
Beinleumi. Netvision does not see three days of downtim
Noam Rathaus wrote:
Hi Shachar,
Thanks for the response.
I am using here Debian 5.0 and I still get the problem even if I:
1) setuid the file to be setuid root
2) change the perl interpreter at the top of the script from perl to
suidperl (they are the same symbolic link, but I tried it anyhow)
Hi Shachar,
Ok, I will try it out, though as I mentioned in sample I run from this
perl, another perl script that is setuid.
On Thu, Apr 23, 2009 at 2:13 PM, Shachar Shemesh wrote:
> Noam Rathaus wrote:
>
> Hi Shachar,
>
> Thanks for the response.
>
> I am using here Debian 5.0 and I still get t
On Thu, Apr 23, 2009 at 01:59:19PM +0300, Noam Rathaus wrote:
> Hi,
>
> I am seeing these in the logs and I can't find a documentation to what
> might have been causing it:
> Apr 23 13:57:47 sp kernel: <1>Unable to handle kernel paging request
> at virtual address 0804c3ac
> Apr 23 13:57:47 sp ke
> I've been considering encrypting my backups (e.g. using duplicity), but I am
> always afraid to lose the backup key when I lose the data I need to
> restore. This has the unfortunate implications of practically having no
> backups at all.
>
> I'd like to ask the list, when you backup your data (a
On Thu, Apr 23, 2009 at 02:01:29PM +0300, Noam Rathaus wrote:
> Hi Yedidyah,
>
> 1) It doesn't run => shows error => stops
> 2) Under root it works => no error => works
> 3) Should I test it under another user? :)
Yes, that's what I meant. Sorry.
--
Didi
___
On Thu, Apr 23, 2009 at 1:34 PM, nir grinberg wrote:
> The current issue with the
> providers is the fact that their data network coverage is not similar
> to their GSM coverage. In many locations you will be able to talk via
> GSM, but receive a very poor data connection.
That's because there
Well looking back a few lines above I see:
Apr 23 04:03:46 sp kernel: memory.c:100: bad pmd 0240.
Apr 23 04:03:46 sp kernel: memory.c:100: bad pmd 0240.
Apr 23 05:00:00 sp mysqld: Starting MySQL: succeeded
Apr 23 05:01:00 sp rpcscheduler: rpcd.pl startup succeeded
Apr 23 06:01:00 sp rpcsch
On Thursday 23 April 2009, Dotan Cohen wrote:
> > I've been considering encrypting my backups (e.g. using duplicity), but
> > I am always afraid to lose the backup key when I lose the data I need
> > to restore. This has the unfortunate implications of practically having
> > no backups at all.
> >
Yuval Hager wrote:
On Thursday 23 April 2009, Dotan Cohen wrote:
I've been considering encrypting my backups (e.g. using duplicity), but
I am always afraid to lose the backup key when I lose the data I need
to restore. This has the unfortunate implications of practically having
no backups at
> How do you use the password in an automated backup then?
>
Actually, I do not automate it. This is the command that I use to make
the tarball:
$ tar -zcvf - /home/user/ | openssl des3 -salt -k PASSWORD | dd of=DATE.tbz
And this one to decrypt it:
$ dd if=DATE.tbz | openssl des3 -d -k PASSWORD |
On Thursday 23 April 2009, Dotan Cohen wrote:
> > How do you use the password in an automated backup then?
>
> Actually, I do not automate it. This is the command that I use to make
> the tarball:
> $ tar -zcvf - /home/user/ | openssl des3 -salt -k PASSWORD | dd
> of=DATE.tbz
>
> And this one to de
Yuval Hager wrote:
On Thursday 23 April 2009, Dotan Cohen wrote:
How do you use the password in an automated backup then?
Actually, I do not automate it. This is the command that I use to make
the tarball:
$ tar -zcvf - /home/user/ | openssl des3 -salt -k PASSWORD | dd
of=DATE.tbz
An
On Thursday 23 April 2009, Shachar Shemesh wrote:
> Yuval Hager wrote:
> > On Thursday 23 April 2009, Dotan Cohen wrote:
> >>> How do you use the password in an automated backup then?
> >>
> >> Actually, I do not automate it. This is the command that I use to make
> >> the tarball:
> >> $ tar -zcvf
> Thanks. I probably wasn't clear on (5). I would like to be able to go back
> in time when I restore.
I think that you will have to wait for Stephen Hawkins to recover
before that will be possible.
> AFAIK, rsync* solutions are mirroring the current
> state only, where rdiff-backup and duplicity
Yuval Hager wrote:
Thanks. I probably wasn't clear on (5). I would like to be able to go back
in time when I restore. AFAIK, rsync* solutions are mirroring the current
state only, where rdiff-backup and duplicity do allow time travel.
There is still the original question about the key hand
Oron Peled writes:
> On 23.04.2009 Yedidyah Bar-David wrote:
>> 'sudo' is what you want.
>
> Why bother? It's easier to simply give those users the root password
> as the result would be the same anyway.
Eh? You can sudo this particular script for a particular user or group
and make it non-modif
Dotan Cohen writes:
>> How do you use the password in an automated backup then?
>>
>
> Actually, I do not automate it. This is the command that I use to make
> the tarball:
> $ tar -zcvf - /home/user/ | openssl des3 -salt -k PASSWORD | dd of=DATE.tbz
>
> And this one to decrypt it:
> $ dd if=DATE
Yuval Hager writes:
> Well, I was looking for a more streamlined solution. Something that is:
> 1) automatic
> 2) offsite (e.g. online)
> 3) bandwidth and space efficient (due to (2) above)
> 4) (opt.) encrypted
> 5) incremental
A combination of tar (that can do incremental backups) and scp or
s
>> Actually, I do not automate it. This is the command that I use to make
>> the tarball:
>> $ tar -zcvf - /home/user/ | openssl des3 -salt -k PASSWORD | dd of=DATE.tbz
>>
>> And this one to decrypt it:
>> $ dd if=DATE.tbz | openssl des3 -d -k PASSWORD | tar zvxf -
>
> So your password appears in cl
On Thursday 23 April 2009, Shachar Shemesh wrote:
> I should point out one huge disadvantage of storing binary diffs when
> using encrypted systems. There is no (practical) way to erase old
> backups. Your backup storage size is bound to be ever increasing. This
> is because the only way to create
On Thursday 23 April 2009, Oleg Goldshmidt wrote:
> Yuval Hager writes:
> > Well, I was looking for a more streamlined solution. Something that is:
> > 1) automatic
> > 2) offsite (e.g. online)
> > 3) bandwidth and space efficient (due to (2) above)
> > 4) (opt.) encrypted
> > 5) incremental
>
> A
Hi,
>Skype is a different issue since it communicates via port 80, though
>need a much more advanced management tools to be filtered (what's
>called Traffic shaping).
Are you sure about it? What do you mean by that??
Does Skype send the **Audio** in ***TCP*** port 80?!
Can TCP do the job for VOI
As someone who tried to convince his boss to use Shachar's product, I can tell
you that there are companies (in Israel!) who sell a competing product, which
is closed source, but:
* works with a nice Java Based web interface,
* it has a CLI version (works on 64 bit as well)
* it's incremental
I've always assumed it's a Linux issue, but before I complain to them,
does this work for anyone else?
I'm running Ubuntu 9.04.
http://w3.castup.net/spielberg/index.aspx?lang=en&id=20
The "trailer" at the beginning runs (duration: a couple of seconds), but
then the main feature stalls.
Micha
Have you tried the greasemonkey script for castup? It might help.
I am bcc'ing Yehuda, who is responsible for most of the greasemonkey scripts
for video in Israeli websites.
On Thu, Apr 23, 2009 at 23:48, Michael Shiloh
wrote:
> I've always assumed it's a Linux issue, but before I complain to
2009/4/23 Oleg Goldshmidt :
> Oron Peled writes:
>
>> On 23.04.2009 Yedidyah Bar-David wrote:
>>> 'sudo' is what you want.
>>
>> Why bother? It's easier to simply give those users the root password
>> as the result would be the same anyway.
>
> Eh? You can sudo this particular script for a particu
> I've always assumed it's a Linux issue, but before I complain to them, does
> this work for anyone else?
>
> I'm running Ubuntu 9.04.
>
> http://w3.castup.net/spielberg/index.aspx?lang=en&id=20
>
> The "trailer" at the beginning runs (duration: a couple of seconds), but then
> the main feature sta
On 23.04.2009 Shachar Shemesh wrote:
> Oron Peled wrote:
> >
> > There's a reason why the kernel does not respect suid/sgid bit on shell
> > scripts -- It's because there are gazillions of ways a user can use
> > this script to gain total root access.
> >
> Name two?
Numero uno:
--- cut ---
2009/4/23 Dotan Cohen :
> Actually, I am aware of that problem. I had considered writing a shell
> script to automatically add the date and ask for the password, but
> decided that will be my opportunity to learn python instead. So until
> I have a spare day to get into Python I'm doing it this way
> Asking for password in one shell line:
>
> read -r -s -p "SubVersion password for user \"$USERNAME\": " DEPLOY_PWD
>
> No biggy :)
>
I know that it is not difficult, but it remains my motivation for
treating myself to learn Python. One of these days.
--
Dotan Cohen
http://what-is-what.com
htt
2009/4/23 Geoffrey Mendelson :
> That's because there are three different networks involved here.
> Orange runs 3 networks. a 900 MHz GSM (voice and data up to 14.4kbps if
> they allow it), 1800 MHz (voice, 14.4k data and higher speed data
> (GPRS?) ) and a 2.1 GHz 3G network. The 900 MHz network cove
Before I begin, I should point out that I never brought my company's
service up in this thread. Yes, rsyncrypto is my project, and it is a
major part of the service Lingnu is offering, but it is open source,
comes built in as part of Debian and Ubuntu, and you can use it without
paying me or Li
51 matches