On Tuesday, October 11, 2016 at 6:16:31 AM UTC-4, Unman wrote:
> On Mon, Oct 10, 2016 at 10:19:16PM -0700, raahe...@gmail.com wrote:
> > On Thursday, September 22, 2016 at 7:46:45 AM UTC-4, Connor Page wrote:
> > > world writable script executed as root is the worst advice I've ever seen 
> > > on this mailing list.
> > > please don't do that!
> > 
> > I don't even think that'd make it executable, but writeable lol.  just do 
> > chmod a+x
> > 
> >     why not filter outbound instead of inbound?
> > 
> chmod 766 does make it executable, obviously - it also makes it world
> writable.
> I've seen plenty of worse advice on the lists.
> The fact that it's now world writable is a red herring. Every file in a
> qube is writeable by the user in default setup, regardless of
> permissions. It doesn't matter.
> Look at /etc/sudoers.d/qubes 
> Setting custom iptables rules from rc.local is possible - whether it
> adds anything more than a minimal layer of safety is questionable. I
> choose to set inbound and outbound restrictions on all net and proxy
> qubes, and custom restrictions on FORWARD rules too.
> unman

oh ok I thought it would make it readable and writable,  but not executable.  
But I didn't test it. 

Ya well I mean unless he is a webserver I would be filtering outgoing for ports 
80,443, not incoming. Figured it was just good practice.  

You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to