On Tue, 2010-08-03 at 06:20 -0500, Jason L Tibbitts III wrote: > >>>>> "JvM" == Jeroen van Meeuwen <[email protected]> writes: > > JvM> Is any outbound NEW connection supposed to be used from > JvM> fedorapeople.org accept maybe for a few named sockets on trusted > JvM> remote hosts? > > Well, some might think it reasonable to pull content to fedorapeople > (wget, scp run on fedorapeople pulling from remote sites) instead of > forcing content to be pushed. Which would argue for outbound http and > ssh ports, I guess. Should be easy to just say no to that kind of > thing, though, if the intent is to lock it down. > > I also wonder if mounting user-writable filesystems as noexec would be > reasonable. >
they are noexec - the user uses a python based irc bot and just ran it using: python scriptname. -sv _______________________________________________ infrastructure mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/infrastructure
