On Mon, Oct 10, 2016 at 10:19:16PM -0700, raahe...@gmail.com wrote:
> On Thursday, September 22, 2016 at 7:46:45 AM UTC-4, Connor Page wrote:
> > world writable script executed as root is the worst advice I've ever seen 
> > on this mailing list.
> > please don't do that!
> I don't even think that'd make it executable, but writeable lol.  just do 
> chmod a+x
>     why not filter outbound instead of inbound?
chmod 766 does make it executable, obviously - it also makes it world

I've seen plenty of worse advice on the lists.
The fact that it's now world writable is a red herring. Every file in a
qube is writeable by the user in default setup, regardless of
permissions. It doesn't matter.
Look at /etc/sudoers.d/qubes 

Setting custom iptables rules from rc.local is possible - whether it
adds anything more than a minimal layer of safety is questionable. I
choose to set inbound and outbound restrictions on all net and proxy
qubes, and custom restrictions on FORWARD rules too.


You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to