On 03/11/2017 12:15 PM, Unman wrote:
The answer to this is encouraging users to make good use of isolation,
qube use and Qubes features. That isnt irresponsible. It's a way of
dealing with the problem. I think you would need to develop a much more
detailed argument to convince me that the answer to malware infections
is putting a password on root access.
I didn't purport to provide "the answer"... strawman argument.
What it comes down to is a matter of degrees and costs.
--
There was no straw man argument here - you raised the issue of "malware
zoos" in the context of a discussion of passwordless sudo - it's
natural to think that you see it as an answer. I cant see it plays any
role.
Your language had portrayed it as a binary choice about which practice
provides "THE answer". That misrepresents the argument being made.
And the zoo analogy holds up pretty well if you accept that zoos are
places where animals are kept under less-than ideal circumstances, but
nevertheless indefinitely.
This is particularly so given your suggestion that the root access
"remembers auth for a certain amount of time" - decent targeted
attacks would have a stub firing to check if sudo was enabled every
few minutes, and would hit the target of opportunity you have opened
for them.
Its not a "suggestion". Its the way sudo works if you change a few
settings according to the vm-sudo doc. :)
The timeout default can be changed easily enough (can be made zero).
A separate shell process would have to get authorization separately, so
the attack you imagine probably wouldn't work there. To be in the same
shell, the attacker would first have to alter a bash startup file, but
these can be easily protected.
Remember, many people pick distros based on the default security and how
smoothly they work with security enhancements. This holds as much for
shell configuration as for other factors. The idea behind this is to use
the security settings that come with the OS, whether that be Debian,
Fedora, Ubuntu or Arch, etc. That makes a better starting point as we
explore options like apparmor and grsecurity (features normally
available in the above distros).
--
Chris Laprise, [email protected]
https://twitter.com/ttaskett
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/bc8128a1-dfab-f91f-ce3c-87179eecfe47%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.
