On Tue, 3 Aug 2010, seth vidal wrote:

> On Tue, 2010-08-03 at 06:20 -0500, Jason L Tibbitts III wrote:
> > >>>>> "JvM" == Jeroen van Meeuwen <kanarip@xxxxxxxxxxx> writes:
> >
> > JvM> Is any outbound NEW connection supposed to be used from
> > JvM> fedorapeople.org except maybe for a few named sockets on trusted
> > JvM> remote hosts?
> >
> > Well, some might think it reasonable to pull content to fedorapeople
> > (wget, scp run on fedorapeople pulling from remote sites) instead of
> > forcing content to be pushed. Which would argue for outbound http and
> > ssh ports, I guess. Should be easy to just say no to that kind of
> > thing, though, if the intent is to lock it down.
> >
> > I also wonder if mounting user-writable filesystems as noexec would be
> > reasonable.
> >
>
> they are noexec - the user uses a python based irc bot and just ran it
> using:
> python scriptname.
>

I wonder how much pain chmod o-x /usr/bin/python would cause :)

-Mike
_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/infrastructure
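
The gap discussed in the thread, as a detection check: a noexec mount does not stop `python scriptname`, because the file that gets executed is the interpreter, which lives on an exec-mounted filesystem. This is an added example, not part of the original messages; the interpreter list, mount table, user names and process list are constructed, and collecting the real values from /proc is left out.

```python
import posixpath
import re

# Assumed interpreter names (constructed list); extend for the site.
INTERPRETERS = re.compile(r"^(python|perl|ruby|bash|sh|php)[\d.]*$")

SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sdb1 /home ext4 rw,nosuid,nodev,noexec 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
"""  # constructed, /proc/mounts format
SAMPLE_PROCS = [  # constructed: (pid, cwd, argv)
    (4101, "/home/alice", ["python", "ircbot.py"]),
    (4102, "/", ["/usr/bin/python", "/usr/bin/yum", "update"]),
    (4103, "/tmp", ["bash", "-x", "./run.sh"]),
    (4104, "/home/bob", ["vim", "notes.txt"]),
]

def parse_mounts(text):
    """Map mount point -> set of mount options."""
    mounts = {}
    for line in text.strip().splitlines():
        fields = line.split()
        if len(fields) >= 4:
            mounts[fields[1]] = set(fields[3].split(","))
    return mounts

def mount_for(path, mounts):
    """Longest mount point that is a path-component prefix of path."""
    best = "/"
    for mp in mounts:
        if (path == mp or path.startswith(mp.rstrip("/") + "/")) and len(mp) > len(best):
            best = mp
    return best

def scripts_on_noexec(procs, mounts):
    """Return (pid, script) for interpreters running a script stored on a noexec mount."""
    hits = []
    for pid, cwd, argv in procs:
        if not INTERPRETERS.match(posixpath.basename(argv[0])):
            continue
        # Simplification: the first non-option argument is taken as the script.
        script = next((a for a in argv[1:] if not a.startswith("-")), None)
        if script is None:
            continue
        full = posixpath.normpath(posixpath.join(cwd, script))
        if "noexec" in mounts.get(mount_for(full, mounts), set()):
            hits.append((pid, full))
    return hits
```
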