newgrp is a setuid binary. During the startup of that process, if the vulnerable environment variable is set, dyld will open the requested file. Since stdin=0 / stdout=1 / stderr=2 should be the only open files, the next available file descriptor would be 3. So open() should give dyld that file descriptor.
newgrp will then drop it's privileges and run your shell, perhaps by calling exec() without forking another process. Since the file wasn't specified to close on exec, the shell will inherit the open file descriptor.
If we pass "echo "[something]" >&3" to stdin of newgrp, the echo will be executed in the new shell. Even though that shell is running as the logged in user, fd=3 was opened by root. So the result can be appended to any file you want.
That's a good description, but everyone is still missing the actual cause. Firstly, the European Union is founded on an ideology that doesn't allow for an economic crisis. Second, when the crisis hit in 2008, the Greek *private* sector *reduced* their bank borrowing. Their money supply shrank, velocity shrank too, jobs were lost, tax receipts went down. Their government debt ratio went up, not because they were borrowing more, but because GDP fell. But the Euro doesn't allow Greece to run a large deficit, nor to increase their debt level, so they can't stimulate their economy to prevent further job losses.
The Greek government weren't in good shape before, but the combination of a crisis and the rules imposed by the Union have wiped them out.
maybe there is some security flaw with DHE that I haven't read about yet and that is why its turned off
Logjam. TLDR; about 100k hours of CPU time can build a dictionary to crack most session keys in less than 90 seconds for 512bit primes.
Have you looked at a graph of Greece's unemployment? It's jumped from <10% to >25% since the crisis began.
They need to increase the flow of money around the economy to stimulate job growth. During a downturn the velocity of money shrinks, so no free win there. It's unlikely they're going to increase exports, so a trade surplus is unlikely. They won't be borrowing more money from the banking sector any time soon. Which only leaves a government deficit to stimulate the economy, which is prevented by the Maastricht treaty.
Without leaving the Euro, Greece is screwed.
A real recovery, one for more than just the 1%, would be greatly appreciated.
Not gonna happen until all the private debt we've accumulated in the last 50 years is gone.
Everyone works with their files locally, changes are synced via a common server. Everyone has a compressed backup of the complete history of the entire filesystem for disaster recovery. Everyone should be able to browse and recover any version of any file without adding load to the server, though usability might be slightly lacking. You could also setup a FUSE filesystem on a linux box to browse the history.
You may need to partition the file storage into multiple repositories, so that people don't need to synchronise folders that they don't use.
You can hide the videos with a simple adblock filter; "slashdot.org##article#firehose-000".
You could also make the share button go away (slashdot.org##div.popularity), but that does break the tags css.