Re: suid root - bash script

2009-04-23 Thread Yedidyah Bar-David
On Thu, Apr 23, 2009 at 08:56:45AM +0300, Erez D wrote: hi i have a bash script i want to be run with root permissions, no matter which user executes it. if it was a binary, i would only need to set it suid root. but as it is a bash script, suid-ing it doesn't do anything, and suid-ing

Re: suid root - bash script

2009-04-23 Thread Valery Reznic
--- On Thu, 4/23/09, Erez D erez0...@gmail.com wrote: From: Erez D erez0...@gmail.com Subject: suid root - bash script To: linux-il linux-il@cs.huji.ac.il Date: Thursday, April 23, 2009, 8:56 AM hi i have a bash script i want to be run with root permissions, no matter which user

Re: suid root - bash script

2009-04-23 Thread Oron Peled
On Thu, Apr 23, 2009 at 08:56:45AM +0300, Erez D wrote: i have a bash script i want to be run with root permissions, no matter which user executes it. if it was a binary, i would only need to set it suid root. but as it is a bash script, suid-ing it doesn't do anything, and suid-ing /bin/bash

Re: suid root - bash script

2009-04-23 Thread Shachar Shemesh
Oron Peled wrote: There's a reason why the kernel does not respect suid/sgid bit on shell scripts -- It's because there are gazillions of ways a user can use this script to gain total root access. Name two? Maybe writing a wrapper suid program that totally sanitize both the environment

Re: ot: isps

2009-04-23 Thread Rafi Gordon
Oleg, first thanks for your answer. AFAIK, this DPI can block voip application like Skype. That's an on-going war, similar to the war between P2P applications and DPI. It's not limited to cellular companies, of course. There is still a little difference here, I believe, with cellular

Re: suid root - bash script

2009-04-23 Thread Yedidyah Bar-David
On Thu, Apr 23, 2009 at 11:31:38AM +0300, Shachar Shemesh wrote: Oron Peled wrote: There's a reason why the kernel does not respect suid/sgid bit on shell scripts -- It's because there are gazillions of ways a user can use this script to gain total root access. Name two? The main

Re: suid root - bash script

2009-04-23 Thread Noam Rathaus
Hi Yedidyah, This stupid - in my opinion - restriction also applies to perl script. And there they also recommend using a C program that will be setuid that will run the perl script. This is of course an over-complicated manner of doing things, not to mention the fact that if this perl script

Re: suid root - bash script

2009-04-23 Thread Yedidyah Bar-David
Hi Noam, On Thu, Apr 23, 2009 at 12:08:21PM +0300, Noam Rathaus wrote: Hi Yedidyah, This stupid - in my opinion - restriction also applies to perl script. This is a free country, you know. You are entitled to have your own opinion. As I explained below, the main problem with setuid scripts is

Backup encryption key

2009-04-23 Thread Yuval Hager
Hi, I've been considering encrypting my backups (e.g. using duplicity), but I am always afraid to lose the backup key when I lose the data I need to restore. This has the unfortunate implications of practically having no backups at all. I'd like to ask the list, when you backup your data (and

Re: suid root - bash script

2009-04-23 Thread Noam Rathaus
Hi Yedidyah, See below On Thu, Apr 23, 2009 at 12:34 PM, Yedidyah Bar-David linux...@didi.bardavid.org wrote: Hi Noam, On Thu, Apr 23, 2009 at 12:08:21PM +0300, Noam Rathaus wrote: Hi Yedidyah, This stupid - in my opinion - restriction also applies to perl script. This is a free country,

Re: suid root - bash script

2009-04-23 Thread Shachar Shemesh
Noam Rathaus wrote: not to mention the fact that if this perl script or c program wrapper is then called from Apache the restriction still applies and I haven't been able to get around it. At least on my system, perl installs a suid helper that does this for you. You just mark the

Re: suid root - bash script

2009-04-23 Thread Noam Rathaus
Hi Shachar, Thanks for the response. I am using here Debian 5.0 and I still get the problem even if I: 1) setuid the file to be setuid root 2) change the perl interpreter at the top of the script from perl to suidperl (they are the same symbolic link, but I tried it anyhow) So I guess something

Re: Backup encryption key

2009-04-23 Thread Shachar Shemesh
Yuval Hager wrote: Hi, I've been considering encrypting my backups (e.g. using duplicity), but I am always afraid to lose the backup key when I lose the data I need to restore. This has the unfortunate implications of practically having no backups at all. I'd like to ask the list, when you

Fwd: ot: isps

2009-04-23 Thread nir grinberg
I know for a fact that both Cellcom and Orange initially blocked VoIP ports on their data services network.  Following some pressure ;) applied on them (by us as well); the networks were opened and today theoretically support VoIP applications.  The current issue with the providers is the fact

Re: suid root - bash script

2009-04-23 Thread Shachar Shemesh
Noam Rathaus wrote: Hi Shachar, Thanks for the response. I am using here Debian 5.0 and I still get the problem even if I: 1) setuid the file to be setuid root 2) change the perl interpreter at the top of the script from perl to suidperl (they are the same symbolic link, but I tried it anyhow)

Re: suid root - bash script

2009-04-23 Thread Yedidyah Bar-David
On Thu, Apr 23, 2009 at 01:22:43PM +0300, Noam Rathaus wrote: Hi Yedidyah, I guess there are other ways to do this, but that's how it is in unix. As far as I know, Windows does not have something similar at all - if you want there to run some program as another user, you have to do much

Kernel panic/exception

2009-04-23 Thread Noam Rathaus
Hi, I am seeing these in the logs and I can't find a documentation to what might have been causing it: Apr 23 13:57:47 sp kernel: 1Unable to handle kernel paging request at virtual address 0804c3ac Apr 23 13:57:47 sp kernel: printing eip: Apr 23 13:57:47 sp kernel: c0152dc0 Apr 23 13:57:47 sp

Re: suid root - bash script

2009-04-23 Thread Noam Rathaus
Hi Yedidyah, 1) It doesn't run = shows error = stops 2) Under root it works = no error = works 3) Should I test it under another user? :) On Thu, Apr 23, 2009 at 1:51 PM, Yedidyah Bar-David linux...@didi.bardavid.org wrote: On Thu, Apr 23, 2009 at 01:22:43PM +0300, Noam Rathaus wrote: Hi

Re: suid root - bash script

2009-04-23 Thread Dotan Cohen
'sudo' is what you want. Why bother? It's easier to simply give those users the root password as the result would be the same anyway. Sudo uses the user's password, not root's. Don't let the *buntu version of sudo mislead you: sudo can be used to give specific users specific privileges, far

Re: ot: isps

2009-04-23 Thread Dotan Cohen
i want a new Internet connection for my home. Stay away from Netvision. While their network is the best in Israel when it works, their customer support is terrible, and after experiencing three days of downtime in January I moved to Bezeq Beinleumi. Netvision does not see three days of downtime

Re: suid root - bash script

2009-04-23 Thread Shachar Shemesh
Noam Rathaus wrote: Hi Shachar, Thanks for the response. I am using here Debian 5.0 and I still get the problem even if I: 1) setuid the file to be setuid root 2) change the perl interpreter at the top of the script from perl to suidperl (they are the same symbolic link, but I tried it anyhow)

Re: suid root - bash script

2009-04-23 Thread Noam Rathaus
Hi Shachar, Ok, I will try it out, though as I mentioned in sample I run from this perl, another perl script that is setuid. On Thu, Apr 23, 2009 at 2:13 PM, Shachar Shemesh shac...@shemesh.biz wrote: Noam Rathaus wrote: Hi Shachar, Thanks for the response. I am using here Debian 5.0 and

Re: Kernel panic/exception

2009-04-23 Thread Yedidyah Bar-David
On Thu, Apr 23, 2009 at 01:59:19PM +0300, Noam Rathaus wrote: Hi, I am seeing these in the logs and I can't find a documentation to what might have been causing it: Apr 23 13:57:47 sp kernel: 1Unable to handle kernel paging request at virtual address 0804c3ac Apr 23 13:57:47 sp kernel:

Re: Backup encryption key

2009-04-23 Thread Dotan Cohen
I've been considering encrypting my backups (e.g. using duplicity), but I am always afraid to lose the backup key when I lose the data I need to restore. This has the unfortunate implications of practically having no backups at all. I'd like to ask the list, when you backup your data (and

Re: suid root - bash script

2009-04-23 Thread Yedidyah Bar-David
On Thu, Apr 23, 2009 at 02:01:29PM +0300, Noam Rathaus wrote: Hi Yedidyah, 1) It doesn't run = shows error = stops 2) Under root it works = no error = works 3) Should I test it under another user? :) Yes, that's what I meant. Sorry. -- Didi

Re: ot: isps

2009-04-23 Thread Geoffrey Mendelson
On Thu, Apr 23, 2009 at 1:34 PM, nir grinberg n...@grinberg.org wrote:  The current issue with the providers is the fact that their data network coverage is not similar to their GSM coverage.  In many locations you will be able to talk via GSM, but receive a very poor data connection. That's

Re: Kernel panic/exception

2009-04-23 Thread Noam Rathaus
Well looking back a few lines above I see: Apr 23 04:03:46 sp kernel: memory.c:100: bad pmd 0240. Apr 23 04:03:46 sp kernel: memory.c:100: bad pmd 0240. Apr 23 05:00:00 sp mysqld: Starting MySQL: succeeded Apr 23 05:01:00 sp rpcscheduler: rpcd.pl startup succeeded Apr 23 06:01:00 sp

Re: Backup encryption key

2009-04-23 Thread Yuval Hager
On Thursday 23 April 2009, Dotan Cohen wrote: I've been considering encrypting my backups (e.g. using duplicity), but I am always afraid to lose the backup key when I lose the data I need to restore. This has the unfortunate implications of practically having no backups at all. I'd

Re: Backup encryption key

2009-04-23 Thread Shachar Shemesh
Yuval Hager wrote: On Thursday 23 April 2009, Dotan Cohen wrote: I've been considering encrypting my backups (e.g. using duplicity), but I am always afraid to lose the backup key when I lose the data I need to restore. This has the unfortunate implications of practically having no backups at

Re: Backup encryption key

2009-04-23 Thread Dotan Cohen
How do you use the password in an automated backup then? Actually, I do not automate it. This is the command that I use to make the tarball: $ tar -zcvf - /home/user/ | openssl des3 -salt -k PASSWORD | dd of=DATE.tbz And this one to decrypt it: $ dd if=DATE.tbz | openssl des3 -d -k PASSWORD |

Re: Backup encryption key

2009-04-23 Thread Yuval Hager
On Thursday 23 April 2009, Dotan Cohen wrote: How do you use the password in an automated backup then? Actually, I do not automate it. This is the command that I use to make the tarball: $ tar -zcvf - /home/user/ | openssl des3 -salt -k PASSWORD | dd of=DATE.tbz And this one to decrypt

Re: Backup encryption key

2009-04-23 Thread Shachar Shemesh
Yuval Hager wrote: On Thursday 23 April 2009, Dotan Cohen wrote: How do you use the password in an automated backup then? Actually, I do not automate it. This is the command that I use to make the tarball: $ tar -zcvf - /home/user/ | openssl des3 -salt -k PASSWORD | dd of=DATE.tbz

Re: Backup encryption key

2009-04-23 Thread Yuval Hager
On Thursday 23 April 2009, Shachar Shemesh wrote: Yuval Hager wrote: On Thursday 23 April 2009, Dotan Cohen wrote: How do you use the password in an automated backup then? Actually, I do not automate it. This is the command that I use to make the tarball: $ tar -zcvf - /home/user/ |

Re: Backup encryption key

2009-04-23 Thread Dotan Cohen
Thanks. I probably wasn't clear on (5). I would like to be able to go back in time when I restore. I think that you will have to wait for Stephen Hawkins to recover before that will be possible. AFAIK, rsync* solutions are mirroring the current state only, where rdiff-backup and duplicity

Re: Backup encryption key

2009-04-23 Thread Shachar Shemesh
Yuval Hager wrote: Thanks. I probably wasn't clear on (5). I would like to be able to go back in time when I restore. AFAIK, rsync* solutions are mirroring the current state only, where rdiff-backup and duplicity does allow time travel. There is still the original question about the key

Re: suid root - bash script

2009-04-23 Thread Oleg Goldshmidt
Oron Peled o...@actcom.co.il writes: On 23.04.2009 Yedidyah Bar-David wrote: 'sudo' is what you want. Why bother? It's easier to simply give those users the root password as the result would be the same anyway. Eh? You can sudo this particular script for a particular user or group and make

Re: Backup encryption key

2009-04-23 Thread Oleg Goldshmidt
Dotan Cohen dotanco...@gmail.com writes: How do you use the password in an automated backup then? Actually, I do not automate it. This is the command that I use to make the tarball: $ tar -zcvf - /home/user/ | openssl des3 -salt -k PASSWORD | dd of=DATE.tbz And this one to decrypt it: $

Re: Backup encryption key

2009-04-23 Thread Oleg Goldshmidt
Yuval Hager yu...@avramzon.net writes: Well, I was looking for a more streamlined solution. Something that is: 1) automatic 2) offsite (e.g. online) 3) bandwidth and space efficient (due to (2) above) 4) (opt.) encrypted 5) incremental A combination of tar (that can do incremental backups)

Re: Backup encryption key

2009-04-23 Thread Dotan Cohen
Actually, I do not automate it. This is the command that I use to make the tarball: $ tar -zcvf - /home/user/ | openssl des3 -salt -k PASSWORD | dd of=DATE.tbz And this one to decrypt it: $ dd if=DATE.tbz | openssl des3 -d -k PASSWORD | tar zvxf - So your password appears in cleartext in

Re: Backup encryption key

2009-04-23 Thread Yuval Hager
On Thursday 23 April 2009, Shachar Shemesh wrote: I should point out one huge disadvantage of storing binary diffs when using encrypted systems. There is no (practical) way to erase old backups. Your backup storage size is bound to be ever increasing. This is because the only way to create a

Re: Backup encryption key

2009-04-23 Thread Yuval Hager
On Thursday 23 April 2009, Oleg Goldshmidt wrote: Yuval Hager yu...@avramzon.net writes: Well, I was looking for a more streamlined solution. Something that is: 1) automatic 2) offsite (e.g. online) 3) bandwidth and space efficient (due to (2) above) 4) (opt.) encrypted 5) incremental

Re: ot: isps

2009-04-23 Thread Dan Shimshoni
Hi, Skype is a different issue since it communicates via port 80, though needs much more advanced management tools to be filtered (what's called Traffic shaping). Are you sure about it ? What do you mean by that ?? Does Skype send the **Audio** in ***TCP*** port 80 ?! Can TCP do the job for VOIP

Re: Backup encryption key

2009-04-23 Thread Diego Iastrubni
As someone who tried to convince his boss to use Shachar's product, I can tell you that there are companies (in israel!) who sell a competing product, which is closed source, but: * works with a nice Java Based web interface, * it has a CLI version (works on 64 bit as well) * it's

Can't view movies at HUJI archive (castup). Do they work for you?

2009-04-23 Thread Michael Shiloh
I've always assumed it's a Linux issue, but before I complain to them, does this work for anyone else? I'm running Ubuntu 9.04. http://w3.castup.net/spielberg/index.aspx?lang=enid=20 The trailer at the beginning runs (duration: a couple of seconds), but then the main feature stalls. Michael

Re: Can't view movies at HUJI archive (castup). Do they work for you?

2009-04-23 Thread Tomer Cohen
Have you tried the greasemonkey script for castup? It might help. I am bcc'ing Yehuda, who is responsible for most of the greasemonkey scripts for video in Israeli websites. On Thu, Apr 23, 2009 at 23:48, Michael Shiloh michaelshiloh1...@gmail.com wrote: I've always assumed it's a Linux

Re: suid root - bash script

2009-04-23 Thread Amos Shapira
2009/4/23 Oleg Goldshmidt p...@goldshmidt.org: Oron Peled o...@actcom.co.il writes: On 23.04.2009 Yedidyah Bar-David wrote: 'sudo' is what you want. Why bother? It's easier to simply give those users the root password as the result would be the same anyway. Eh? You can sudo this

Re: Can't view movies at HUJI archive (castup). Do they work for you?

2009-04-23 Thread Dotan Cohen
I've always assumed it's a Linux issue, but before I complain to them, does this work for anyone else? I'm running Ubuntu 9.04. http://w3.castup.net/spielberg/index.aspx?lang=enid=20 The trailer at the beginning runs (duration: a couple of seconds), but then the main feature stalls.

Re: suid root - bash script

2009-04-23 Thread Oron Peled
On 23.04.2009 Shachar Shemesh wrote: Oron Peled wrote: There's a reason why the kernel does not respect suid/sgid bit on shell scripts -- It's because there are gazillions of ways a user can use this script to gain total root access. Name two? Numero uno: --- cut --- start of

Re: Backup encryption key

2009-04-23 Thread Amos Shapira
2009/4/23 Dotan Cohen dotanco...@gmail.com: Actually, I am aware of that problem. I had considered writing a shell script to automatically add the date and ask for the password, but decided that will be my opportunity to learn python instead. So until I have a spare day to get into Python I'm

Re: Backup encryption key

2009-04-23 Thread Dotan Cohen
Asking for password in one shell line: read -r -s -p "SubVersion password for user \"$USERNAME\": " DEPLOY_PWD No biggy :) I know that it is not difficult, but it remains my motivation for treating myself to learn Python. One of these days. -- Dotan Cohen http://what-is-what.com

Re: ot: isps

2009-04-23 Thread Amos Shapira
2009/4/23 Geoffrey Mendelson geoffreymendel...@gmail.com: That's because there are three different networks involved here. Orange runs 3 networks. a 900MHz GSM (voice and data up to 14.4kbps if they allow it), 1800MHz (voice, 14.4k data and higher speed data (GPRS?) ) and a 2.1GHz 3G network.