On Saturday, March 11, 2017 at 8:48:27 PM UTC-5, Chris Laprise wrote: > On 03/11/2017 10:50 AM, cooloutac wrote: > > I have always felt any level of security is useful no matter how trivial to > > bypass. > > > > But I think the decision here for passwordless sudo is not cause privilege > > escalation or non root persistence is trivial. Its because people like my > > mother are not gonna constantly type their password in dozens of vms, or to > > update half a dozen templates, all for a layer of security thats considered > > meaningless to Qubes threat model. In qubes usability is more a factor. > > > > Maybe password for sudo should be an option for people who want it. > > Passwords are not required for sudo authentication: > > https://www.qubes-os.org/doc/vm-sudo/ > > This works like file-copying between VMs... you get a Yes/No prompt in > dom0. And you can have it default to either Yes or No. Anyone could use > it and I suggest you give it a try! > > -- > > Chris Laprise, [email protected] > https://twitter.com/ttaskett
oh ok,I'm just a noob so I thought the opposite of a "passwordless sudo" was one with a password lol Also what does Joanna mean by this statement on that page? " At the same time allowing for easy user-to-root escalation in a VM is simply convenient for users, especially for update installation." If you are talking about some other form of authentication (sorry I have a hard time following your convo with Uman, 0 timeout period for sudo?) then what would make it inconvenient for users? We already have to hit y or n to update templates. I still think its more about usability then whats trivial to bypass. And in that case its based on threat model. Sure security is difficult, but its more about controlling yourself then your machine, imo. But I know you are genius Chris and if there is some method to authenticate to sudo without a password that would not be cumbersome for users I would be for that option. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5800ef8d-b303-481c-afa5-4b9c6d496a66%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
