On 03/11/2017 10:50 AM, cooloutac wrote:
I have always felt any level of security is useful no matter how trivial to
bypass.
But I think the decision here for passwordless sudo is not cause privilege
escalation or non root persistence is trivial. Its because people like my
mother are not gonna constantly type their password in dozens of vms, or to
update half a dozen templates, all for a layer of security thats considered
meaningless to Qubes threat model. In qubes usability is more a factor.
Maybe password for sudo should be an option for people who want it.
Passwords are not required for sudo authentication:
https://www.qubes-os.org/doc/vm-sudo/
This works like file-copying between VMs... you get a Yes/No prompt in
dom0. And you can have it default to either Yes or No. Anyone could use
it and I suggest you give it a try!
--
Chris Laprise, [email protected]
https://twitter.com/ttaskett
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/e431e3eb-d890-0d13-16da-2af3797937c9%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.
