On Tuesday, October 11, 2016 at 6:16:31 AM UTC-4, Unman wrote:
> On Mon, Oct 10, 2016 at 10:19:16PM -0700, raahe...@gmail.com wrote:
> > On Thursday, September 22, 2016 at 7:46:45 AM UTC-4, Connor Page wrote:
> > > world writable script executed as root is the worst advice I've ever seen
> > > on this mailing list.
> > > please don't do that!
> >
> > I don't even think that'd make it executable, but writeable lol. just do
> > chmod a+x
> >
> > why not filter outbound instead of inbound?
> >
> chmod 766 does make it executable, obviously - it also makes it world
> writable.
>
> I've seen plenty of worse advice on the lists.
> The fact that it's now world writable is a red herring. Every file in a
> qube is writeable by the user in default setup, regardless of
> permissions. It doesn't matter.
> Look at /etc/sudoers.d/qubes
>
> Setting custom iptables rules from rc.local is possible - whether it
> adds anything more than a minimal layer of safety is questionable. I
> choose to set inbound and outbound restrictions on all net and proxy
> qubes, and custom restrictions on FORWARD rules too.
>
> unman

Oh OK, I thought it would make it readable and writable, but not executable.
But I didn't test it.
Ya, well, I mean unless he is a webserver I would be filtering outgoing for ports
80,443, not incoming. Figured it was just good practice.
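
The permission question debated in this thread, as an added example that is not from any of the posters: the shell functions below decode an octal mode, report whether it is owner-executable and world-writable, and compare `chmod 766` with `chmod a+x` on a constructed temporary file. Function names are hypothetical and `audit_file` assumes GNU `stat`.

```shell
#!/bin/sh
# Added example: function names are hypothetical; the file is a constructed temp file.

# bit VALUE MASK CHAR: print CHAR if the masked bit is set, "-" otherwise.
bit() {
    if [ $(( $1 & $2 )) -ne 0 ]; then printf '%s' "$3"; else printf '%s' "-"; fi
}

# mode_to_string OCTAL: render permission bits like ls does, e.g. 766 -> rwxrw-rw-
mode_to_string() {
    m=$((0$1))                      # leading 0 makes the shell read it as octal
    out=""
    for s in 6 3 0; do              # owner, group, other triplets
        t=$(( (m >> s) & 7 ))
        out="${out}$(bit "$t" 4 r)$(bit "$t" 2 w)$(bit "$t" 1 x)"
    done
    printf '%s\n' "$out"
}

# audit_mode OCTAL: report the two properties argued about in the thread.
audit_mode() {
    m=$((0$1)); x=no; w=no
    if [ $(( m & 0100 )) -ne 0 ]; then x=yes; fi
    if [ $(( m & 0002 )) -ne 0 ]; then w=yes; fi
    printf 'owner_exec=%s world_writable=%s\n' "$x" "$w"
}

# audit_file PATH: same report for a real file (assumes GNU stat).
audit_file() {
    mode=$(stat -c '%a' "$1") || return 2
    audit_mode "$mode"
}

# Demo on a constructed temporary file standing in for a startup script.
f=$(mktemp)
chmod 766 "$f"
echo "chmod 766 -> $(mode_to_string 766): $(audit_file "$f")"
chmod 644 "$f" && chmod a+x "$f"    # start from a typical 644, then add execute only
echo "chmod a+x -> $(mode_to_string "$(stat -c '%a' "$f")"): $(audit_file "$f")"
rm -f "$f"
```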