On Tuesday, October 11, 2016 at 6:16:31 AM UTC-4, Unman wrote: > On Mon, Oct 10, 2016 at 10:19:16PM -0700, raahe...@gmail.com wrote: > > On Thursday, September 22, 2016 at 7:46:45 AM UTC-4, Connor Page wrote: > > > world writable script executed as root is the worst advice I've ever seen > > > on this mailing list. > > > please don't do that! > > > > I don't even think that'd make it executable, but writeable lol. just do > > chmod a+x > > > > why not filter outbound instead of inbound? > > > chmod 766 does make it executable, obviously - it also makes it world > writable. > > I've seen plenty of worse advice on the lists. > The fact that it's now world writable is a red herring. Every file in a > qube is writeable by the user in default setup, regardless of > permissions. It doesn't matter. > Look at /etc/sudoers.d/qubes > > Setting custom iptables rules from rc.local is possible - whether it > adds anything more than a minimal layer of safety is questionable. I > choose to set inbound and outbound restrictions on all net and proxy > qubes, and custom restrictions on FORWARD rules too. > > unman
oh ok I thought it would make it readable and writable, but not executable. But I didn't test it. Ya well I mean unless he is a webserver I would be filtering outgoing for ports 80,443, not incoming. Figured it was just good practice. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b08846b3-03fc-4d36-aac3-04cf175be68b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.