On Mon, Oct 10, 2016 at 10:19:16PM -0700, raahe...@gmail.com wrote: > On Thursday, September 22, 2016 at 7:46:45 AM UTC-4, Connor Page wrote: > > world writable script executed as root is the worst advice I've ever seen > > on this mailing list. > > please don't do that! > > I don't even think that'd make it executable, but writeable lol. just do > chmod a+x > > why not filter outbound instead of inbound? > chmod 766 does make it executable, obviously - it also makes it world writable.
I've seen plenty of worse advice on the lists. The fact that it's now world writable is a red herring. Every file in a qube is writeable by the user in default setup, regardless of permissions. It doesn't matter. Look at /etc/sudoers.d/qubes Setting custom iptables rules from rc.local is possible - whether it adds anything more than a minimal layer of safety is questionable. I choose to set inbound and outbound restrictions on all net and proxy qubes, and custom restrictions on FORWARD rules too. unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161011101629.GA26870%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
